T7 B18 Gorelick Comments FDR - Team 7 Draft Monograph W Gorelick Comments 559

UNCLASSIFIED
COMMISSION SENSITIVE
TEAM 7 DRAFT MONOGRAPH
on
CIVIL AVIATION AND

TRANSPORTATION SECURITY
Sam Brinkley
William Johnstone
John Raidt
DRAFT FOR INTERNAL USE ONLY DRAFT
CIVIL AVIATION SECURITY: PRELUDE TO 9-11

Executive Summary
The story of how terrorists on September 11, 2001 were able to hijack four U.S. civilian
jetliners and use them as weapons of mass destruction against the American homeland
begins with fundamental questions about the status of the civil aviation security system
that was supposed to stop them.
• How did the U.S. civil aviation security system evolve to achieve its status as of
September 11,2001?
• Who was responsible for setting, implementing and enforcing aviation security
policies and procedures?
• What did civil aviation authorities perceive to be the security threat to commercial
aviation, its vulnerabilities to terrorism and the consequences of a successful
attack? And what did they do about it?
• Precisely what security measures were the hijackers required to defeat in order to
execute their crime on September 11,2001?
Pivotal Incidents and Aviation Security

From the inception of the U.S. civil aviation system in the 1920's up to the modern era,
two forms of attack against U.S. commercial aircraft have remained the most urgent and
consequential — air piracy, most commonly referred to as hijacking, and sabotage,
primarily in the form of bombing.
The national system for protecting passengers, aircraft and airports from attack was
neither created nor developed by policy makers in anticipation of criminal and terrorist
intentions, but rather in reaction to major incidents—a phenomenon observed by
numerous public aviation commissions and commentators over the past 25 years. As
threats manifested themselves through successful attacks, including headline, watershed
disasters, new defensive measures and approaches were implemented by policy makers
seeking to solve the prevailing "security problem" of the time.
• The 1955 bombing of a United flight for the purpose of insurance fraud
The sabotage of this flight after take-off from Denver, Colorado, killing 44, gave rise to
limits on the value of passenger insurance policies. The attack was followed three years
later by the hijacking of a Cuban airliner en route from Havana to Miami1 and a series of
midair collisions."2 These incidents together with "the approaching introduction of jet
airliners spurred Congress to create an independent Federal Aviation Administration
(FAA), extending the agency power to oversee both the "safety and security" of civilian
aviation, as well as to "promote" the aviation industry.3 Li these early years, the primary
focus of air commerce regulators was on issues of "operational safety," while the thrust
Q
1
of security policy was on enforcing generally applicable statutes against fraud, theft and
assault.
• The rash of aircraft hijackings to Cuba between 1968 and 1972
The industry's age of relative innocence was shattered by an epidemic of hijacking

between 1968 and 1972. Congress responded by passing major new aviation security
laws, the centerpiece of which was a requirement that air carriers submit their passengers
to pre-boarding checkpoint screening in order to enforce prohibitions on the possession of
"deadly weapons, explosives and incendiaries" aboard commercial aircraft. The new
body of law created a federal regulatory system in which the FAA was responsible for
establishing and enforcing security policies and standards, while commercial air carriers
and airports were responsible for carrying them out. During this period political and
religious conflict in the Middle East created a breeding ground for terrorist activity, some
of which in the years to follow was aimed at the United States over its policies in the
region.
• The 1988 downing of Pan Am 103 by a terrorist bomb
The Pan Am 103 disaster shifted the security focus from hijacking to the sabotage threat
as authorities endeavored to develop the technological means to detect improvised
explosive devices (lED'S). Laws passed in response to the incident created new
positions within the FAA to oversee security, and required the FBI and FAA to formally
assess the contemporary aviation threat posed by rogue states and terrorist movements,
and to evaluate systemic vulnerabilities to their tactics.
• The destruction of TWA 800 over the Atlantic Ocean in 1996
This tragedy reinforced aircraft sabotage as the major security concern, as hijacking was
perceived to be in check. The heightened concern over bombs, prompted a major push to
increase the screening of checked baggage for explosives (even though the federal
investigation into the disaster eventually concluded that the cause of the crash was not an
explosive). The incident occurred at a time when both the domestic aviation security
system and U.S. national security complex at large perceived a rising threat from the
proliferation of highly capable terrorist groups willing to target and maximize casualties
among civilian populations in pursuit of extreme political or religious aims—a trend
illustrated by the 1993 bombing of the World Trade Center, the 1997 bombing of the
Federal building in Oklahoma City, the 1998 bombings of the U.S. embassies in Africa
and the foiled 1995 Bojinka plot by Ramzi Yousef, an Al Qaeda affiliate, to destroy 12
U.S. airliners simultaneously through coordinated bombings.

2
Aviation Security Roles and Responsibilities

As the United States responded to attacks upon commercial aviation, particularly to high
profile disasters, the roles and responsibilities for planning, operating and enforcing the
nation's aviation security system took shape. Well before September 11, 2001 these
crucial functions had become vested in five primary institutions:
1) The Federal Aviation Administration: Responsible for setting and enforcing

regulations "to protect passengers and property... against an act of criminal
violence or aircraft piracy." These rules imposed upon certified airports and air
carriers to achieve that objective were set forth in 14 CFR parts, 107,108 and
109. The FAA's enforcement tools included the imposition of fines and
withholding an air carrier's or airport's federal certificate to operate. Beginning
in 1986 part of FAA's responsibility "to protect passengers and property"
included gathering and evaluating intelligence on threats to the civil aviation
system.
2) Air Carriers: Responsible for screening passengers and baggage for weapons
and prohibited items (weapons, explosives and incendiary devices), controlling
access to aircraft and training air crews in emergency response. The security
requirements imposed upon commercial air carriers were set forth hi 14 CFR
Parts 108 and 129, and an FAA-approved Air Carrier Standard Security Program
(ACSSP) that specified the ways and means by which air carriers would meet
federal aviation security requirements..
3) Airport Authorities: Responsible for controlling access to sensitive airport

facilities including the Air Operation Area (AOA) and providing law enforcement
services to airport facilities. The security requirements imposed upon commercial
airports were set forth in 1.4 CFR Parts 107 and 139, and the FAA-approved
Airport Standard Security Program (ASSP) that specified the ways and means by
which airports would meet federal aviation security requirements.
4) The U.S. Intelligence Community; Responsible for collecting and sharing with
the Federal Aviation Administration information bearing on threats to aviation,
and, together with law enforcement, for stopping such plots from being carried
out. ,
5) Congress: responsible for making aviation security law, performing oversight of

the national civil aviation system, and funding federal aviation security
responsibilities.
Each of these institutions possessed a unique set of perspectives, priorities, roles and
authorities and was subject to diverse influences and competing objectives in the aviation
security arena.

3
The FAA was required by law to regulate the safety and security of civil aviation while at
the same time promoting the aviation industry—a dual mandate that was the subject of
continuous question by critics.
U.S. Air Carriers were profit-seeking enterprises that sought to minimize costs,
including security expenses, and maximize revenues in order to succeed in a highly
competitive business environment hi which they had a moral, legal and economic
obligation to protect the safety and security of their aircraft and passengers.
U.S. Airports were public hubs of economic activity in competition for air carrier
revenues, travel business and customer satisfaction. As such they were, in most
instances, high profile venues for both lawbreakers and local law enforcement authorities.
The U.S. Intelligence Community was responsible for collecting information on threats
to national security, providing its services to many government "customers" including the
Federal Aviation Administration. Its ability to collect information on behalf of its
customers was constrained by legal strictures and practices intended to protect personal
rights, especially within the United States. The Intelligence Community's ability and
willingness to share information with fellow agencies and the public was constrained by
agency customs and procedural strictures intended to protect methods of collection and
sources of information. >.
Congress was required to set aviation security policy, fund the federal components and
oversee the system as it dealt with the many competing priorities and political influences
affecting the national agenda including issues of budgeting, economics, national security,
and the regulation of an industry from which it also received political contributions.
The architecture of the civil aviation security system, and the standards by which it would
function, were the product of these institutions, and the tug of war between competing
public policy interests: cost versus benefit; public convenience versus precaution;
regulation versus partnership; differing perceptions about credible threat and acceptable
levels of risk; and the implacable clash between economics and public safety.
Civil Aviation Security Defenses

By the morning of September 11,2001 national civil aviation security had come to
feature six major vectors of defense—what its architects and operators referred to as a
"layered" system of protection:
• Intelligence Collection
Considered by the FAA to be the first tier of the nation's layered aviation security
[ « system, intelligence collected by the U.S. Intelligence Community was relied upon by the
"* "•> F AA and me law enforcement community to help identify, assess and interdict ihreats-ta
^ CMY *>**^ ' j;ivii aviation. The FAA maintained a 24-hour watch which received a steady flow of
DRAFT. FOR INTERNAL USE ONLY DRAFT

4
threat related information from intelligence agencies, particularly the FBI, CIA, and State
Department. The information was used by the FAA to establish Intelligence Case Files
(ICF's) to track security threats and issues. The FAA's analysis of the information
collected in these files formed the basis for aviation security policies and special
directives to the industry.
• Passenger Pre-screening
The next vector of commercial aviation defense was passenger prescreening, comprised
of two main elements both designed to help prevent dangerous people and/or their
weapons from accessing commercial aircraft. The first pre-screening element was the
FAA listing of individuals known by U.S. authorities to pose a threat to commercial
aviation. Based on information provided by the Intelligence Community, the FAA was
authorized to issue directives to air carriers requiring them to prohibit listed individuals
\ frornjjoarding aircraft or. in designated cases, to assure that the passenger received
"\ enhanced screening before enplaning. . , *>
—
: second element of prescreening was a program to identify those passengers on each
commercial flight who, based on their profile, may pose more than a "minimal tWaf" tn
aviation. InJ998. the FAA issued a directive requiring air carriers to implement an
FAA-approved computer-assisted passenger prescreening program (CAPPS)—software
designed to identify the pool of passengers most likely to contain a terrorist. The
program employed an algorithm of "factors" and "weights," derived from each
passenger's ticket purchase, passport and frequent flyer data, (excluding the individual's
race, creed, religion or national origin), to identify "selectees." The consequence of
"selection" was restricted to screening the passenger's checked baggage for explosives.
• Checkpoint screening ,. ......
Perceived by the FAA, the aviation industry and passengers as the most obvious and vital
element of aviation security, federal rules required air carriers "to conduct screening... to
prevent or deter the carriage aboard airplanes of any explosive, incendiary, or a deadly or
dangerous weapon on or about each individuals person or accessible, property, and the
carriage of any explosive or incendiary ir^check baggage." 4
Passengers were screened by government certified metal detectors operated and

maintained according to FAA rules and calibrated to detect guns and large knives.
Knives fewer than four inches in length were not prohibited primarily because FAA did
not consider such items to be "menacing" and most state and local laws permitted them to
be carried in a concealed fashion. Carry-on items were screened by government certified
x-ray machines capable of detecting the shapes of items possessing a designated level of
density. In most instances, passenger screening operations were conducted by
companies under contract with the responsible air carrier.
Q
5
• Baggage screening
Federal rules required that passenger bags on flights at most airports be screened for
explosives either by detection devices, K-9 screening or physical search. In the absence
of this capability, the air carrier was permitted to practice Positive Passenger Bag Match
to assure that no bag was loaded into the hold without its owner on board the aircraft,
under the presumption that a bomber would not commit suicide.
• Access controls
FAA rules designated security-sensitive airport zones, including the Air Operations Area
as Special Identification Display Areas (SIDA). Only individuals cleared, authorized and
credentialed by the airport under FAA standards were to be permitted access. Access
points to SIDA areas were to be controlled using approved portal features and access
procedures.
• Aircraft protection
If the pre-flight vectors of aviation security designed to stop dangerous people and/or
weapons from accessing the aircraft failed, the final line of defense was on-board. FAA
operated a Federal Air Marshal program to place specially-trained law enforcement
V -\ officials aboard high-risk flights. FAA rules required Air Carriers to train flight crew in
FAA-approved tactics for responding to in-flight emergencies.
Weaknesses in the System
While the aviation security system was intended to be a multi-layered, integrated system
of protection, each of the layers had significant flaws that were recognized to varying
degrees by Congress, the FAA and the industry.
Intelligence: Although FAA's Office of Intelligence maintained liaisons with the FBI,
CIA and Department of State, the agency unsuccessfully sought access to greater levels
of raw data from the Intelligence community and perceived a "blind spot" in domestic
D»&,^^ intelligence that FAA officials attributed to the FRT'g focy? "n criminal investigating
^-^ r? ^ rather than intelligence gathering. PLACEHOLDER TO CONFIRM EITHER
*_ sU "ADDITIONAL ANECDOTAL EVIDENCE OR DOCUMENTARY EVIDENCE TO BE
t- u~<"\ SURE THIS STATEMENT IS TRUE. MAY MOVE THIS TREATMENT TO THE
"DISCUSSION SECTION" AFTER THE 9-11 NARRATIVE; PLACEHOLDER FOR
?OUR ANALYSIS OF THE ICF'S TO BEAR OUT THE PAUCITY OF DOMESTIC
INFORMATION—AGAIN MAY RESERVE THIS TREATMENT FOR THE
DISCUSSION SECTION)
?(y r - £*« % Computer pre-screening: Automated profiling was an inexact science that identified
many individuals who posed no particular threat to aviation as "selectees" and operated
without empirical evidence that it captured all of those who were. While the system was

6
designed, in part, using hijacker profiles, it was targeted only at those who checked bags.
and the consequences of "selection" were limited to screening the selectees' baggage for
explosives. This reflected FAA's view that non-suicide bombing was the most
substantial risk to domestic aircraft and a confidence that the combination of checkpoint
screening and on-board emergency procedures were sufficient to counter a moribund
hijacking threat.
Checkpoint screening: Metal detectors, x-ray machines and the screeners who operated
this equipment were the primary bulwark of the aviation security system. By 2001,
however, any confidence that checkpoint screening was functioning sufficiently was
belied by numerous (PLACE HOLDER: ASCERTAINING AN EXACT NUMBER OF
REPORTS) publicized studies by the General Accounting Office5 and the Department of
Transportation's Office of Inspector General6 which over the previous twenty years had
documented systemic and chronic weaknesses in the system.
The high failure rate of screeners to detect weapons was discerned by the FAA using tests
designed only to evaluate the system's ability to detect prescribed "test items" used by w
government auditors. The test protocols did not reflect the wide range of prohibited
weapons that the metal detectors and x-ray equipment in place were operationally
Jncapable of detecting nor did it account for the weapons and operational tactics that a
committed terrorist would most likely employ.
o Aircraft protection: On board defenses were the final layer of protection in the
concentric layers of aviation security. By 2001, however, the Federal Air Marshal
program had declined to a small fraction of its strength in the 1970's, and the FAA
deployed marshals only on high risk international flights.7 The domestic program
withered because of the system's confidence hi checkpoint screening operations, the
absence of hijacking events and the cost of the program that required the air carriers to
"give-up" seats to marshals that could otherwise be sold to paying customers.
Federal aviation regulations required that aircrew be trained hi the tactics to address in-
flight emergencies including a hijacking protocol based on cooperation. Years of
experience in dealing with "traditional," non-suicide hijacking in which the plane was
commandeered either to provide transportation or to use for bargaining purposes resulted
in a philosophy of appeasement and negotiation. Pilots and flight attendants were trained
to refrain from any attempt to overpower hijackers.8
Aviation security commentator John Nance,described the hijacking protocol as follows:
To the extent that the politically-motivated hijacking was even considered, it was lumped
with all the other whose perpetrators had not suicidal intent, and thus could arguably be
talked into a safe and non-lethal surrender, given enough time and aircrew patience.9

7
The World of September 11. 2001
In the lead-up to September 11,2001, the aviation security system had been enjoying a
period of relative peace. No U.S. flagged aircraft had been bombed or hijacked in over a
decade.
Demand for air service was robust and beginning to outpace the capacity of the system.
Heeding calls by the public for improved efficiency and customer service, and by the
industry for increased capacity, Congress focused its legislative and oversight attention
on these issues, including enactment of a "passenger bill of rights" aimed at assuring a
more convenient and comfortable passenger experience.
The FAA, as well, was centered on issues of customer service, capacity and economics.
(PLACEHOLDER FOR ANALYSIS OF RULEMAKING TO PROVE THIS
CONTENTION). The agency's security agenda was dominated by efforts to implement a
three-year old Congressional mandate to deploy explosives detection equipment at all
major airports and on attempts to complete a nearly five-year old rulemaking effort to
improve the performance of checkpoint screening operations. The latter rule sought to
mandate certification of checkpoint screening companies, improve screener training and
impose stricter background checks on screeners and airport employees.
Meanwhile, profit-challenged air carriers, feeling the effects of deregulated competition,

increased fuel costs, and constrained spending by business travelers remained focused on
their tenuous financial position, as they responded to the demand by passengers, the FAA
and Congress for unproved customer service. (PLACEHOLDER FOR SPECIFIC
INFORMATION ON THEIR FINANCIAL STATUS) f: £
Perceived Aviation Security Threat
On the national security front, aviation security authorities were aware of the increased
"chatter" being picked up by U.S. intelligence agencies that caused a growing sense
during the summer of 2001 that terrorist attacks were in the offing.
Court convictions that spring of Al Qaeda affiliate Ahmed Ressam for a plot to bomb the
Los Angeles International Airport during the millennium and of the Al Qaeda
conspirators who blew up two U.S. embassies in Africa in 1988, heightened fears among
aviation security specialists that Islamic radicals would seek retrihntmn aga.jpgtJJ_S
u targets, possibly U.S. aircraft.
Throughout that summer, and indeed, since (PLACEHOLDER FOR DATE WE WENT
^. \n^ Priorities
TO AVSEC III) the domestic aviation system was operating at Security Alert Level III—
the level required when "Information indicates that a terrorist group or other hostile entity
with a known capability of attacking civil aviation is likely to carry out attacks against
U.S. targets; or civil disturbances with a direct impact on civil aviation have begun or are

8
imminent." (PLACEHOLDER FOR SHORT DESCRIPTION OF AVSEC III

REQUIREMENTS; REQUIREMENTS FOR AVSEC IV AND WHAT SECURITY .
MEASURES THAT WOULD IMPOSE).
Though civil aviation security authorities at the FAA received a steady stream of data U^Lu- j V'
from the intelligence community throughout the year leading up to September 1 1 , 200 1 , i-~. (Ku
an in-depth study of the FAA's Intelligence Case Files, Intelligence Notes, security v
briefing documents, and supporting files, as well as interviews with key FAA intelligence
and civil aviation security officials produced no documentation nr other evidence to
suggest thatIhe_F-AA-êssessgd intelligence prior to September 1 1, 2001 that a plot to
juiackcommercial aviation and use them as weapons ofjnass_destruction against
InTEeUnited States^ was in the offing.
Nevertheless, FAA security analysts did perceive an increasing terrorist threat to U.S.
civil aviation at home. Numerous FAA documents, including agency accounts published
in the Federal Register, security directives to air carriers and airports, and intelligence
files produced by the agency's Office of Civil Aviation Intelligence clearly expressed the
FAAls_understandingthat terrorist groups were active in the United States and
maintained a historiclnterest in targeting aviation, including hijacking.
Despite these facts, the FAA deemed that the threat was predominantly against U.S.
carriers operating overseas. (PLACEHOLDER PENDING A ROLL-UP OF EVIDENCE
ON WHY THEY BELIEVED THIS TO BE THE CASE; AND THE NATURE OF
TABLE TOP AND OTHER EMERGENCY EXERCISES AT FAA—SEE MANNO &
McDONNELL MFR's) To the extent that a domestic U.S. threat was perceived, it was
considered to be most likely in the form of a non-suicide bombing. (PLACEHOLDER
FOR SUMMER 2001 SD's AND IC'S SUBSTANTIATING THIS POINT)
Nevertheless, the possibility of a suicide hijacking occurring in the United States was
considered by civil aviation security authorities. Prior to September 11,2001, the FAA
produced a CD- ROM presentation for air carrier and airport authorities describing the
increased threat to civil aviation. The presentation cited the possibility of suicide
hijacking but stated that "fortunately, we have no indication that any group is currently
thinking in that direction." 10
-^ UfUJt. •Cju-eJ
, « > Moreove^the FAA^was aware of previous threats to conduct suicide hijacking, including
the use of aircraft as a weapon of mass destruction in plots associated with Usama Bin
Laden who had declared war against the United States in 1996 and 1998. The FBI, ^
however, had deemed the threat to civil aviation domestically to be "low."
(PLACEHOLDER: RECEIVED TESTIMONY ABOUT THE FBI ESTIMATE;

WORKING TO DEVELOP EVIDENCE).
/* A. •*.*<
(PLACEHOLDER FOR DESCRIPTION OF SD'S AND IC'S THAT SUMMER AND
C '
OF OPEN INTELLIGENCE CASE FILES)

9
ll
In August. 2001 FAA officials were informed that thp FRT had arrested Zacarias [..
^n^
.I
^ % JP
LV, </ f>. '
Moussaoui, a foreign flight school student in the United States suspected of being a (d u.
potential "suicide hijacker." While the FBI's agent handling the case reported to
•In D-*/i-" headquarters that Moussaoui may be involved "with others" in a "suicide hijacking" plot,
fHiV*
**L
-> •
the F-A^Vs liaison to the FBI dismissed the report as mere speculation and deemed the
matter to be under control with the arrest of the subject.
51'V
M Jf '
(PLACEHOLDER TO SEE WHETHER THE LIAISON TALKED WITH THE
ARRESTING AGENT ABOUT HIS SUSPICION OR WHETHER THE FAA SHOWED
.Jf*\Y INTEREST IN PURSUING THE MATTER AT ALL).
v 1 *L»* »
; .yC ^ V \ pj • ^^, Neither the liaison nor his supervisors at the FAA were aware of a report sent to FBI
headquarters by a Special Agent in Phoenix expressing his suspicions about flight school
students attending flight school in the area. Neither were they aware of a 1996_request_of_
a tasking by the FBI to two dozen field offices to monitor flight schools for suspicious
activity, or a 1998 memo to headquarters from the Oklahoma City Field Office
expressing concern about flight training by Middle Eastern subjects.
S"
PLACEHOLDER TO CONFIRM WITH HARD EVIDENCE THE 1996 TASKING
AND THE 1998 MEMO FROM OKLAHOMA CITY)
(PLACEHOLDER FOR OTHER KEY INTELLIGENCE ISSUES PENDING

EXAMINATION OF THE FAA ICF'S/Intelligence Case Files)
Without intelligence information to uncover and interdict a terrorist plot in the planning
stages or prior to the perpetrator gaining access to the aircraft hi the lead-up to September
11, 2001, it would be up to the other layers of aviation security to counter the threat.
Prescreening
(PLACEHOLDER: LOOKING TO SEE IF WE CAN CONFIRM THAT ALL THE

MAJORS WERE AUTOMATED) As of September 11, the list of individuals FAA
sought to prohibit from flying was comprised of 12 people, including subjects wanted hi
connection with the 1995 plot to blow up a dozen U.S. aircraft in the Pacific, among them
Khalid Shaikh Mohammad (the admitted mastermind behind the attacks of September 11
2001). Another list contained six, individuals who wer*reqiiir<*Htr> iwiv* a r^gimrn-°f
enhanced screening, including, physical search before being allowed to board a
commercial aircraft.
Checkpoint screening
The summer of 2001 brought no relief about concerns related to poor checkpoint
screening. In its final rulemaking action of July 17,2001 seeking to update the basic
security requirements for airlines and airports, the FAA itself noted that, "publicity about
problems with U.S. domestic civil aviation security measures increases the potential for
attack here."11

10
Despite the shortcomings in the system, the fact that neither a hijacking nor a bombing
had occurred domestically in quite some time was perceived by many within the system
as confirmation that it was working.12 This in part explains the view of the Department of
Transportation's chief of intelligence and security who testified to the commission that
"we thought we'd won" the battle against hijacking.
Accordingly, most of the FAA's safety emphasis and resources leading up to September
11, 2001 were focused on the continuing effort to deploy explosives detection systems to
screen checked bags. (PLACEHOLDER TO SEE IF PPBM WAS JUST FOR
SELECTEES OR ALL PASSENGERS AT CAT X) (rU— -^ ' — I-—* &*~ ^ °^3—"\t Pro
Under the "layered" approach to aviation security, should a terrorist or criminal

successfully defeat checkpoint screening which the facts showed was well within the
realm of probability, the back-up line of defense was in-flight security resources and
procedures. By 2001 no Federal Air Marshals were assigned to domestic flights.13
Although suicide terrorism had been in vogue over many years, based on past experience
hijacking was presumed not to be suicidal, and while efforts were underway to more
aggressively protect air crew against air rage under the FAA's flight standards rules the
hijacking protocol under aviation security regulations called for appeasement based on
o the presumption that hijackers had no suicidal intent.
The Challenge
The facts show that on September 1 1 , 200 1 :
• Checkpoint screener performance and the detection rate of prohibited items at

airport checkpoints was generally poor, and these facts were widely known.
• An entire range of deadly weapons were undetectable: by the screening equipment
in place at screening checkpoints.
• "Selectees" of the passenger prescreening risk profiling system were subject only
to an explosive search of their checked bags, meaning that even those considered
more than a minimal risk to the aircraft were not subject to additional scrutiny of
their person or carry-on baggage.
• The official aircrew protocol for hijacking was one of cooperation and
appeasement.
Accordingly, the challenge for would-be hijackers of domestic flights of U.S. civil
aviation air carriers boiled down to: avoiding prior notice by the American intelligence
and law enforcement communities, carrying weapons that were either permissible or not
detectable by the screening systems in place, and understanding the in-flight hijacking
protocol. A review of publicly available literature and/or the use of "test runs" would
o likely have improved the odds of achieving those tasks.

11
Plotters who were determined, highly motivated individuals, who were largely immune to
whatever "deterrent" value was possessed by the civil aviation security system, who
escaped notice in FAA Security Directives (which essentially supplied the pre-9/11 "no
fly" lists for the air carriers), who used weapons with a metal content less than a small
handgun, and who did not conform to the traditional, non-suicide hijacking paradigm
were likely to be successful in hijacking an aircraft.
###

12
CIVIL AVIATION SECURITY

PRELUDE TO 9-11
Evolution of the aviation security system
The story of how terrorists on September 11,2001 were able to hijack four U.S. civilian
jetliners and use them as weapons of mass destruction against the American homeland
begins with fundamental questions about the status of the civil aviation security system
that was supposed to stop them.
• How did the U.S. civil aviation security system evolve to achieve its status as of
September 11,2001?
• Who was responsible for setting, implementing and enforcing aviation security
policies and procedures?
• What did civil aviation authorities perceive to be the security threat to commercial
aviation, the vulnerabilities of the nation's aircraft and airports to terrorism, and
the consequences of a successful attack? And what did they do about it?
• Precisely what security measures were the hijackers required to defeat in order to
execute their crime on September 11,2001?
Accurately answering central questions about the nature and quality of the civil aviation
security system in place on September 11,2001 requires a clear understanding of the
history from which that system evolved—an analysis that hi turn will shed important
light on the system serving the United States today.
From its infancy in the early 20th century when a small fleet of bi-planes transported U.S.
mail point-to-point across the country to the present era in which thousands of jet aircraft
carry millions of people and their property to far-flung destinations across the globe, U.S.
civil aviation has been the target of crime.
While many different forms of unlawful activity have affected U.S. airports and aircraft,
the two primary security threats have remained consistent over the system's history — air
piracy, most commonly referred to as hijacking, and sabotage, primarily hi the form of
bombing.
Whether hijackers or bombers, the perpetrators of violence against commercial aviation

have generally fallen under one of three categories:
• Criminals in pursuit of some personal goal or financial gain, such as repatriation

or the collection of insurance money
• Deranged individuals striking out irrationally
Q • Terrorist groups and affiliates, either state or non-state sponsored, that are
organized and financed to pursue a particular political, religious or social cause.14
13
Aviation Security author Andrew Thomas summed up the endemic threat to civilian
airport facilities and commercial aircraft when he wrote in 2003:
Aviation provides a tremendous amount of opportunity to individuals or groups seeking

to achieve their violent ends...Criminals have traditionally looked upon aviation as an
environment ripe with offerings. Billions of tons of cargo, hundreds of millions of
passengers, and the ability to move easily...For terrorists, aviation has long been a target
rich environment and international stage to trumpet their political, social or religious
beliefs.15
The evolution of the U.S. civil aviation system leading up to September 11,2001 is a
story of cause and effect. As the prevailing threat to aviation security manifested itself
through attacks on the system, the focus of the nation's defense of airports and
commercial aircraft changed. The composition of the security system continued to
accrete and evolve in reaction to the latest incident, changing public priorities and the
myriad of economic, political and social influences that shape public policy.
It is the story of elemental tensions and the tug of war between competing prerogatives
inherent in public and corporate policy setting: cost versus effectiveness; regulation
versus laissez faire; precaution versus response; perception versus reality; and the
continuous clash between economics and public safety.
In the four decades leading up to September 11,2001, the origins, intensity and tempo of
the security threat to the world's civil aviation system, particularly the terrorist threat,
was heavily influenced by international political factors and circumstances:
• Persistent religious and political turmoil in the Middle East beginning in the
1960's, which created a breeding ground for numerous attacks on civil aviation
across the globe in the years to follow.
• The fascination with hijacking by Cuban ex-patriots in the late 1960's and early
1970's, which resulted in the commandeering of over 170 aircraft hi the four-year
period between 1968 and 1972.
• The violent designs of rogue states especially in the 1980's, epitomized by the
downing of Pan Am 103 by Libyan terrorists hi 1988.
t Ethnic and regional conflicts unleashed by the end of the Cold War in the early
1990's.
• The proliferation of highly capable terrorist groups willing to target civilian

populations in pursuit of extreme political or religious aims, that gave rise to the
1994 plot by Fundamentalist Islamic Extremists to blow-up 12 U.S. aircraft over
the Pacific.16

14
The desirability of America as a target for attack was enhanced by U.S. superpower status
and the far-flung reach of the nation's aviation system:
While the frequency of attacks upon U.S. civil aviation waxed and waned in the years
following the system's creation in 1926 with passage of the Air Commerce Act, by the
evening of September 10,2001 a total of (#) U.S. flagged commercial aircraft had been
the target of attack, including # of bombings, # of hijackings. (#) aircraft had been
destroyed and # of people had lost their lives as the result of criminal and terrorist
actions. Over that same period (#) foreign flagged aircraft had been destroyed and # of
lives had been lost in attacks overseas.17 (PLACEHOLDER FOR EXACT NUMBERS
TO BE PROVIDED BY FAA/TSA).
The vulnerability of U.S. airports and civilian aircraft to violent attack at any point in the
system's history was a function of the changing mix of security measures in place to
counter the prevailing threat, including the criminal and terrorist tactics. In general,
however, the vulnerability of aviation to attack was constantly intensified by the rapid
pace of technological advancement.
The development of improvised explosive devices (IBD'S) and_plastic weaponry ^"

increased the system vulnerabilities, even as layers of security utilizing advanced
technology were deployed to help counter violent threats, such as metal detectors and
explosives detection equipment for checked baggage.
As the size and reach of the civil aviation industry grew so did the system's exposure to
attack and the consequences of violence. By the year 2000, U.S. airlines were conducting
25,200 flights per year throughout the world carrying 1.8 million passengers (1.6 million
of whom were domestic), with an estimated economic impact of over $800 billion in
GDP (8 percent of the total) creating approximately 10 million jobs.18 Not until the year
following the events of September 11,2001 did the domestic passenger load ever
experience an annual decrease in the United States.
The consequences of an assault on civil aviation also intensified as it became more and
more clear that terrorists were seeking to maximize the casualties of their attacks. This
trend was illustrated by the 1993 bombing of the World Trade Center, the 1997 bombing
of the Federal building hi Oklahoma City, the 1998 bombings of the U.S. embassies hi
Africa and the foiled 1995 Bojinka plot by Ramzi Yousef, an Al Qaeda affiliate, to
destroy 12 U.S. airliners simultaneously through coordinated bombings.
Not until the downing of Pan Am 103 hi 1988 and the response to the disaster, was the
framework of civil aviation security system that was in place on 9-11 fully in effect —
the product of a complex evolution.
U
15
Formative Years: Lead-up to Pan Am 103: 1926-1988

The initial framework for U.S. commercial aviation policy was set forth by the Air
Commerce Act of 1926 when this audacious new form of public transportation was
beginning to take wing.
Section two of the law set out the policy objectives of the Act that included the
establishment of aviation facilities and aids to navigation, the development of air
commerce, and the investigation of accidents.19 The law contained no provision for
securing aircraft or airports from criminal attack and "in the earliest days of
aviation., .aviation security was only a minor concern."20
In this early era, public policy makers focused their attention on issues related to the
promotion, operational safety, efficiency and dependability of the fledgling industry. The
formulation of a comprehensive agenda for preventing criminal and terrorist attacks upon
aviation was not perceived as a pressing priority.
The lack of focus on security issues in these formative years stemmed partly from the
relative rarity of security incidents, particularly those conducted within U.S. jurisdiction.
From 1947 to 1967, commercial aviation was the target of 65 attacks worldwide, 13 of
which were perpetrated by terrorists. Both the number of attacks and the percentage of
those sponsored by terrorists would increase dramatically in the decades to follow.21
From 1926 to 1967, the United States experienced a total of 14 criminal attacks on
commercial aircraft, nine hijackings (the first of which occurred in 1961), and five
bombings of U.S. air carriers.2
Bombs and criminals / ~!C
Although the number of hijackings was slightly greater in this era, domestic bombings
were perceived as the more serious threat, primarily because they involved greater loss of
life. The most catastrophic air disaster in this early period occurred in 1955, when a
United Airlines aircraft was destroyed soon after takeoff by a dynamite bomb that had
detonated in the baggage compartment, killing 39 passengers and five crewmembers.
The motive for the crime was insurance fraud.23 Another sabotage incident, also related
to insurance fraud, occurred in early I960.24
In response, the FAA moved to limit the amount of airline trip insurance coverage
passengers could obtain, while certain air carriers implemented programs to screen
baggage for explosives. (PLACEHOLDER: WHAT MEASURES; WHICH
CARRIERS AND WHY) The combination of these measures was thought to have been
effective in countering the bombing threat at that time, with an FAA report indicating that
"domestic airline sabotage declined until there were no fatal incidents in the 1970's."25

16
Through this period airlines and airports gave security matters little attention. The main
thrust of activity was to implement low-technology security applications, such as airport
fences, intended as a safety measure to separate aircraft from wildlife rather than
terrorists.26
For the most part, the federal government in general, and the Department of Commerce in
particular maintained its focus on safety regulation, air space management and industry
management, while the security function for commercial aviation such as it was remained
vested with the air carriers and the local jurisdictions that owned the nation's airport
facilities.
(PLACEHOLDER: WHAT WAS THE SECURITY PRACTICE AT THE TIME;

WHAT WAS REQUIRED BY REGULATION UP TO 1958 AND THE FAA)
Even after Congress established the Federal Aviation Agency in 1958 to oversee the
rapidly growing civil aviation industry and prepare for the coming era of jet commercial
aircraft, security was barely a blip on the new agency's radar screen. The FAA's focus
continued to be dominated by the issuance and enforcement of safety regulations and air
traffic control.
The FAA's founding statute contained a declaration of policy setting out five priorities
centering on promoting the development of the industry and aeronautical safety of civil
aviation operations. The Act's security provisions were focused on issues of national
defense, such as the zoning of airspace to protect defense operations. The idea that
commercial aviation might be a special target for violent attack, and given the fragile
nature of the enterprise, might require special precautions was not reflected in the law.
The role of the FAA's Office of Investigations and Security was confined mainly to the
certification of airline employees for training and technical capability, the flight crew
inspections and investigations of airports and aircraft facilities and the distribution of
security information. Not until jgTOjvas the office re-designated as the Office of Air
Transportation Security and given the responsibility tft Hpa1 w'*h "hijarVing security,
bomb threats, aircraft and cargo security, and for developing and implementing Horrent
systems for theprevention of criminal acts against air transportation."27
Early Vectors of Aviation Security
The first major effort to address criminal assault of aircraft and aviation facilities was
undertaken in 1961 when Congress passed legislation to impose specific criminal
penalties for interference with air operation, including the death penalty hi aggravated
cases. To help enforce these new criminal statutes the FAA trained a special force of
safety inspectors for duty aboard commercial flights when requested by Airline
management or the Federal Bureau of Investigation. This cadre of aviation law
enforcement officers was the forerunner of the Federal Ah- Marshal program. 28
y
17
In August 1964, the FAA implemented a rule requiring the "closing and locking" of crew
compartment doors of commercial passenger aircraft to deter cockpit intrusion.9
(PLACEHOLDER: WHEN WAS THIS RULE REPEALED)
(PLACEHOLDER: BE MORE SPECIFIC ABOUT THE RULES/STANDARDS

AND SECURITY PROCEDURES IN 1958, EVEN AFTER THE FAA ACT).30
(PLACEHOLDER: HOW WAS BAGGAGE SCREENING IMPROVED; WAS

THIS THE FIRST FORM OF BAGGAGE SCREENING.WHAT WAS THE
LEVEL OF FEDERAL INVOLVEMENT. WHAT WAS THE BREAKDOWN OF
SHARED RESPONSIBILITY. HOW DID THE SYSTEM RESPOND TO THE
BOMBING THREAT)
(PLACEHOLDER: EXPLAIN THE GROWTH IN THE IDUSTRY; THE

CREATION OF THE FAA; AND THE SECURITY APPROACH, IF ANY OF
THE FAA ACT) (GIVE AN EXAMPLE OF WHAT THE SYSTEM LOOKED
LIKE)
(PLACEHOLDER: WHEN DID IT BECOME SPECIFICALLY ILLEGAL TO

BRING A WEAPON ON A PLANE, RATHER THAN JUST MISUSE IT OR TO
HIJACK A PLANE SPECIFICALLY, RATHER THAN PROSECUTED UNDER
SOME OTHER CRIMINAL STATUTE LIKE KIDNAPPING OR WHATEVER?
CHECK WELLS BOOK—AND GET QUOTE FROM PAGE 17. ADD /
SOMEWHERE THAT IT WAS NOT A CRIMINAL OFFENSE TO CARRY A
WEAPON ON BOARD, ONLY PROHIBITED).
The Hijacking Epidemic
Beginning in 1968, the threat to civil aviation took a distinctive turn as hijacking began to
take center stage from sabotage as the primary threat to civil aviation.
Between 1968 and 1972 the commercial aviation system in the United States, both
foreign and domestic, suffered an epidemic of hijackings carried out predominantly by
individuals seeking transport to Cuba.31 One hundred seventy three U.S. flagged aircraft
were hijacked during this period compared to two bombing incidents over the same time
span.32
The late 1960s and early 1970s also brought the early stages of the terrorist threat to U.S.
civil aviation. The first terrorist hijacking of a U.S. air carrier and the first terrorist
bombing of a U.S. ah* carrier occurred in August 1969 and September 1970 respectively.
The incidents were described as "relatively simple affairs involving one or two people
armed with pistols and hand grenades."33 It should be noted, however, that the latter
event actually represented the simultaneous destruction of two U.S. airliners (a TWA
flight and Pan Am 93) in two different countries (Jordan and Egypt, respectively). Two
foreign carriers were also destroyed the same day. The Popular Front for the Liberation
of Palestine (PFLP) was responsible in all four cases.34 By the mid-1980s U.S. air carriers

18
would face "an increasingly sophisticated and lethal threat from three different terrorist
sources: radical Palestinians, state sponsors of terrorism, and radical Islamists."35
The rash of incidents produced a public demand for action. In 1970, President Nixon
responded by ordering the stand-up of a Sky Marshal Program designed to place armed
federal agents on board commercial aircraft. The original 1,300 marshals were a
temporary force drawn from FAA, Bureau of Customs, FBI, CIA and Military personnel.
A corps of officers recruited and trained by the U.S. Customs Service, called Customs
Service Officers (CSOs), subsequently replaced them. The FAA's Director of Civil
Aviation Security assigned these agents to flight duty. The Sky Marshal force began to
be phased out not long after reaching its fully authorized strength of 1,500 in August of
1971 because of perceptions that a new passenger screening system was effectively
dealing with the hijacking threat.36
Prior to the creation of the air marshal program, FAA Administrator Dave Thomas had
created the FAA Task Force on Deterrence of Air Piracy, which recommended a program
of passenger screening to stop weapons from being carried on to aircraft. Later that year,
Eastern Air Lines, TWA, Pan Am, and Continental participated in the test of an
"operational screening system for boarding airline passengers" with "weapon-detection
devices" to be used in coordination with "FAA's evolving psychological profile to
identify and isolate suspicious individuals for further surveillance or search."37
^'~\s test was the first step toward a mandatory checkpoint-screening regimen at the
'-•^/ nation's airports designed to keep dangerous items off of aircraft using metal detection
devices, which was to be seen as the central line of the aviation security system's
defenses against hijackings all the way to the present day.
The psychological profiling component was the antecedent for future efforts to identify
potentially dangerous individuals who posed a threat to aircraft, hicluding the system
known as the computer-assisted passenger prescreening system (CAPS), that was in place
on September 11,2001.
At this stage, however, use of the hijacker profiles was voluntary for U.S. air carriers and
was accorded a "low priority" by them.38 No final resolution had been reached as to who
(the federal government, the airlines or local airport authorities) should conduct and pay
for passenger profiling, weapons screening and checkpoint security.39
While the question of roles and responsibilities in aviation security would continue to be
controversial over the next 30 years, the issue of who would be responsible for passenger
screening and checkpoint security was to be resolved by 1972 in a manner that basically
held true until the aftermath of September 11,2001.
Regulation and the Growing Federal Role
In 1972, the testing phase for checkpoint screening gave way to an urgent push for
widespread implementation. On February 1st the FAA issued new rules that required air

19
carriers to screen passengers using one or more measures including behavioral profile.
magnetometer, identification check or physical search. „
Ten months later the FAA tightened the rule through an emergency order requiring that
every passenger be screened either by magnetometer or physical search to prevent
weapons and other dangerous items from being carried onto aircraft.40 The following
year, Congress codified the mandatory screening order with amendments to the Federal
Aviation Act.41 Mandatory checkpoint screening using detection equipment as a primary
layer of commercial aviation defense was born.
The rule included (PLACEHOLDER: ADD ENFORCEMENT MECHANISM AND

PENALTIES AVAILABLE), on top of a March, 1972 rulemaking by the FAA making
each air carrier permit to operate contingent on its compliance with security regulations.
The/4i> Transportation Security Act of 1974
The wave of anti-hijacking policymaking by both the legislative and executive branches
of government in this period culminated with passage in 1974 of the Air Transportation
Security Act. Known also as the Antihijacking Act of 1974, the law codified a range of
checkpoint screening rules for air carriers and other "security policies and procedures that
had already been put into effect at the nation's airports by FAA regulations and
directives," including the provision of a law enforcement presence by airport operators.
In addition the law imposed new civil and criminal penalties for the unauthorized
carriage of weapons onto commercial aircraft, imposed a mandatory death penalty for
hijackings hi which loss of life resulted.
While criminal statutes prohibiting air piracy and aircraft sabotage fell under the
jurisdiction of the FBI, Congress assigned to the FAA "exclusive responsibility for the
direction of any law enforcement activity affecting the safety of persons aboard aircraft in
flight." This sought to resolve a jurisdictional dispute between the FBI and the FAA over
the issue, and was subsequently implemented in a 1975 Memorandum of Understanding
(MOU) between the heads of the two agencies.43
(PLACEHOLDER FOR THE ESTABLISHMENT OF THE AVIATION

SECURITY SECTION OF TITLE 49 OF THE USC, and 14 CFR)
The law also implemented the 1971 Hague Convention on international hijackings and
sabotage calling for the apprehension and prosecution or extradition of aircraft hijackers
and saboteurs.
The Act did not include a Senate-approved provision "providing $35-million a year for
two years to establish under the Federal Aviation Administration (FAA) an air
transportation security force" to enforce aviation security law and conduct passenger
screening at the nation's largest airports.45 The Senate proposal, authored by Senator
Howard Cannon (D-NV), Chairman of the Senate Aviation Subcommittee, and supported
by the airlines

20
envisioned Federal law enforcement officers as supporting air carrier screeners, not
performing the screening functions themselves. They would only search after a bag or
person alarmed a metal detection device and then only after consent was given.46
The creation of a federalized screening force was to be revisited by Congress 30 years

later in the legislative aftermath of the September 11, 2001 attacks.
International Response
Concurrent with U.S. efforts to address the hijacking threat at home, the problem was the
focus of attention internationally.
In 1 974, the International Civil Aviation Organization (1C AO) that had been created in
1944 by international convention to establish International Standards and Recommended
Practices (SARP's) covering 18 technical fields of aviation, including security standards,
published Annex 17. Annex 17 established a basic security program of minimum
obligations imposed on air carriers, airports and member nations. To assist the
international community in implementing the Annex, ICAO published the Security
Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference that was
updated five times between 1974 and 2001, most recently in 1996.47
While a large and growing body of international law and customs had been developed
over the years with the goal of providing aviation security, the success of this effort
remained in question. Writing in 1999, Rodney Wallis, former Director of Security for
the International Air Transport Association (IATA) and a participant in the drafting of
several revisions to Annex 17 to the Chicago Convention, concluded:
r~\ Unhappily, despite ICAO's efforts, effective security exists in only a minority of
' countries around the world. It is frequently missing, even from those states which
comprise ICAO's governing council. ICAO's strategic action plan has the potential to
overcome this shortcoming, but to do so it will have to effectively promote its products
around the world. Practice has shown that it will require hard work to persuade many
states to enhance their individual security efforts.4*
Standardized Security
With a large new body of aviation security law, rendered by acts of Congress and
international convention, the air carriers sought a program by which the industry could
uniformly implement its security responsibilities.
In 1975, under the auspices of its umbrella trade organization, the Air Transport
Association, the industry authored a standard security program for all air carriers. The
program set out (PLACEHOLDER: GIVE THE ESSENTIAL ELEMENTS. SEE
CHRONOLOGY)
U
21
The FAA approved the plan and officially designated it as the Standard Security
Program, later renamed as the Air Carrier Standard Security Program (ACSSP).49 This
document became the baseline for aviation security activities undertaken by the industry
to implement the body of civil aviation laws and regulations. Subsequent changes in
aviation security policy would not only amend the relevant code of federal regulations
pertaining to air carriers (originally, in 1972, under 14 CFR Part 121.538, but
subsequently under 14 CFR Part 108, which went into effect in September of 198150) but
referred to the corresponding changes necessary in the ACSSP.
A similar baseline plan, known as the Airport Standard Security Program, was
A / .j established for airports and was carried out pursuant to 14 CFR Part 107, "Airport
L •*.( •*- Security," which went into effect in 1973.^
g i^-t^- The security operations of the airports and air carriers on September 11,2001 were
• ^- "*> . guided by the terms of these standard security programs.
State-Sponsored Terrorism and Aviation Security
It was during the epidemic qf hijackings the provoked the spate of new laws, regulations
and international efforts to shore up aviation security that international terrorists joined
criminal elements in targeting U.S. civil aviation, mostly overseas.
The first terrorist hijacking of a U.S. air carrier occurred in August 1969
(PLACEHOLDER: NAME AND REFERENCE THE INCIDENT; JENKINS SAYS
1968), and the first bombings of U.S. air carriers overseas occurred in September 1970
(PLACEHOLDER: NAME AND REFERENCE THE INCIDENT. SEE
CHRONOLOGY)
These attacks were relatively simple involving one or two people armed with pistols and
hand grenades. By the mid-1980s, U.S. and other air carriers faced an increasingly
sophisticated and lethal threat from three different sources: radical Palestinians, state
sponsors of terrorism, and radical Islamists.52 Examples are:
On June 14,1985, TWA Flight 847 from Greece was hijacked to Lebanon; U.S. Navy
diver Robert Stethem was killed by the hijackers, who were Lebanese Shiites.
On June 23,1985, Air India Flight 182 from Toronto and Montreal crashed at sea after an
explosion in the front cargo hold. AH 329 passengers were killed. On the same day at
Tokyo's Narita Airport, a checked bag designated for an Air India flight exploded, killing
two baggage handlers. Sikh extremists were suspected.
On November 23,1985, an EgyptAir flight was hijacked enroute from Athens to Cairo
and diverted to Malta. After several passengers were shot, including three Americans, an
Egyptian commando unit stormed the plane. Fifty-nine of the 96 passengers died in the
gun battle and fire. The hijackers were three Arab males.
On December 27,1985, simultaneous attacks occurred at two European airports in open

terminal areas. Sixteen people were killed and 74 wounded in the Rome airport; three

22
~" persons were killed and 45 wounded in Vienna's airport. The hijackers were members of
; the Abu Nidal organization.
On April 2,1986, a bomb onboard TWA Flight 840 from Rome, Italy exploded. Four
passengers (all Americans) were killed but the flight made a safe landing in Athens.
On September 5, 1986, terrorists assaulted Pan Am Flight 73 in Karachi, Pakistan.

Terrorists had dressed similarly to airport security personnel. After an auxiliary power
unit failed, the terrorists opened fire on the passengers, killing 27 and injuring 125. The
hijackers were members of the Abu Nidal organization. This was the last terrorist
<*~ \.'<,. hijacking of an American air carrier prior to September 11, 2001.
n . VvV -^ f l ' on November 29, 1987, a bomb exploded on Korean Airlines Flight 858. All 115
* passengers and crew were killed. The perpetrators were North Korean agents.53
The terrorist threat worldwide to aviation, as well as other symbols of U.S. power
and prestige, began to grow and was the focus of various national security policy
directives.
Terrorist Policy and the New Threat
In 1985 President Ronald Reagan issued National Security Decision Directive 207
setting out a broad U.S. policy in response to the growing threat of terrorism.
This directive resulted in the creation of a new branch of the FAA in 1986
I responsible for gathering intelligence and assessing the threat to civil aviation and
'"*"**' providing threat information to the industry and policy makers.
(PLACEHOLDER: DESCRIBE THE INTELL OFFICE AND ALSO THE

INCREASING TERRORIST THREAT ACROSS THE GLOBE. PERHAPS
SOME LANGUAGE ASSOCIATED WITH THE STAND-UP QF THE
INTELLIGENCE FUNCTION AT FAA WOULD SERVE THIS PURPOSE)
Even before the growing terrorist threat had exacerbated the security risk to
aviation, many experts questioned whether the FAA was functionally capable of
performing the safety and security role with which it was vested.
The period leading up to 1988 is summarized by Alexander T. Wells in his history

of Commercial Aviation Safety.
Until the late 1960's and early 1970's, airlines and airports gave security matters little
attention. Low-technology security applications, such as airport fences, were intended as
a safety measure to separate aircraft from wildlife rather than terrorists. Eventually, a
few air carriers were hijacked to Cuba. This led to a great deal of money being spent on
security by the air carriers and the FAA on x-ray systems, magnetometers, training
programs for screening personnel, and air marshals, after which the relative level of
security immediately rose. In the United States, the threat of hijacking, as well as the
actual incidences of hijackings, diminished over time, giving way to more frequent
occurrences of both threats and actual assaults against American flag carriers in Europe,
: I Asia, and Africa, peaking with the bombing of Pan Am Flight 103 over Lockerbie,
^-^ Scotland, in December 1988.54

23
Pan Am 103 (1988): New Threat and the National Response

On December 21, 1988 a terrorist bomb, concealed in a checked bag unaccompanied by
the Libyan agent who planted it, exploded in the cargo hold of Pan Am Flight 103 over
Lockerbie, Scotland killing 270 people.55
Shortly after the incident, the Administration's top anti-terrorism official, Paul Bremer,
testified that the Pan Am 103 disaster reflected a new trend in aviation terrorism toward
sabotage and away from the customary hijacking threat.56
In the words of the textbook, Commercial Aviation Safety,
The decade of the 1980s was a disastrous one for aviation. The period confirmed the
existence of a dangerous trend toward greater violence against air transportation.
Overall, 25 planes were sabotaged by explosives, causing 1,207 casualties as compared to
650 deaths caused by 44 explosions in the 1970s and 286 deaths in the 1960s.57
New Focus on Aviation Security
In response, the Administration announced a battery of initiatives to strengthen anti-

explosives procedures at facilities considered high-risk, located mostly overseas. The
procedures included mandatory x-ray screening of all baggage and a 100 percent
passenger/bag match requirement.58
(PLACEHOLDER: GIVE A FEW SENTENCES ON THE PROCEDURES AT

FOREIGN AIRPORTS VIZ A VIZ U.S. AIRPORTS. THIS IS IN THE AIR
CARRIER STANDARD SECURITY PROGRAM).
Four months after the downing of Pan Am 103, Secretary of Transportation Sam Skinner
announced the Department's plan to spend over $100 million to purchase equipment
specifically designed to detect explosives, unlike the x-ray machines in use at the time.59
(PLACEHOLDER: STILL WORKING ON: List number of Security directives, and

rules implemented in 1989-1990; and the general flavor of changes in the ACSSP's to
prove explosives detection was the new emphasis).
On April 3,1989, Secretary Skinner established the Aviation Security Advisory

Committee (ASAC) to be chaired by the FAA Assistant Administrator for Aviation
Security. The Committee was composed of government officials (from the federal and
state levels) as well as representatives of stakeholders in the aviation system (including
airlines, airports, trade groups, aviation employee unions and relevant public interest
groups. It was to serve as an advisory body mandated to make recommendations on
methods, equipment and procedures to improve civil aviation security.60

24
President's Commission on Aviation Security and Terrorism
On August 4, 1989 President George Bush signed Executive Order 12686 creating the
President's Commission on Aviation Security and Terrorism. The panel, composed
primarily of members of Congress, examined the Pan Am 103 disaster and on May 15,
•Q I 199Q issued a comprehensive report, including 64 recommendations to improve aviation
security.61 The Commission concluded that, "the U.S. civil aviation security system is
\y flawed and has failed to provide the proper level of protection for the traveling
£ public."62
r?
In November of 1990, Congress passed the Aviation Security Improvement Act (PL 104-
604) to implement a number of the Commission's key recommendations. These included
the creation of several new aviation security and intelligence billets; mandatory agency
reports on aviation threats and system vulnerability; and, new FAA authorities to impose
security measures at airports, including flight cancellation.63 (PLACEHOLDER:
LEGISLATIVE RECOGNITION OF THE ASAC)
Notably the legislation also implemented a key commission recommendation with regard
to performance problems with the TNA units sought by Secretary Skinner and the
Department of Transportation, requiring that Explosive Detection Systems not be
deployed until the Secretary could certify their reliability or otherwise assure they
contributed to security.64
Plots and Threats
In the period after the implementation of the new aviation security system as prescribed
by the Presidential Commission and enacted by Congress, the evidence seemed to
suggest that threats to domestic civil aviation had been dealt with effectively, and the
remaining risk was primarily overseas. For example, between 1992 and 1996, there were
a total of 89 hijacking incidents, of which none either occurred in trie United States or
involved a U.S. air carrier. During that same period, two bombings and two attempted
bombings of civilian aircraft occurred, once again all overseas and all involving non-U.S.
air carriers. However, one of these (the December 1994 bombing of a Philippines
Airlines aircraft) later proved to be a test-run of a plot devised by Ramzi Yousef to place
explosive devices on twelve U.S.-registered aircraft flying routes in the Western
Pacific.65
An accidental fire in a Manila apartment in the early morning hours of January 7,1995
led to a discovery by Filipino police of what appeared to be a "bomb factory," plus a
number of documents. At first, suspicion turned to a possible bomb threat against the
Pope who was to visit the city two weeks later, but whftn T T g "ffHa1* wp™»•^W** *'", an.
FAA security representative recognized a series of numbers on one of the documents as
flight codesv which helped lead to the realization that th*» pint farf h*^ tn fa^h foHy*
_747sôwned bv United. Delta and Northwest, on flights originating in Manila. Tokyo.
Singapore, Bangkok, Taipei and Seoul. A laptop computer in the apartment which

25
contained much of the plot details was subsequently traced to Ramzi Yousef, architect of
the 1993 World Trade center bombing.
An FAA official, Cal Walbert, was able to figure out the bomb assembly to have been
used in the plot, and then "for three weeks, aviation authorities in the United States and
\c hectored and cajoled airline officials, demanding that they push their people
I to iinprgpedented levels of vigilance and intrusiveness. and industry officials, who could
j seldom remember the authorities being so agitated, responded." Ramzi Yousef was
"* arrested on February 7,1995 in Islamabad, and after several months had passed without
incident, the heightened security measures were eased.66
After the discovery of the Bojinka plot and the linkage of several of the plotters to Osama
Bin Laden, FAA intelligence was increasingly concerned about Bin Laden's interest in
civil aviation as a target. With Bojinka's mass casualty concept, plus the aviation
security system's knowledge (however incomplete) about the presence of radical Islamic
fundamentalists within the United States, the head of FAA Intelligence, Patrick
McDonnell, thought there was a definite need to tighten domestic, aviatirm gemrity 67
By the mid-1990s, the civil aviation security system in the United States had essentially
reached the configuration in place on September 11,2001. While the response, both
legislative and administrative, to the Pan Am 103 tragedy had indeed beefed up the
FAA's security structure and authorities, and had produced some impetus for deployment
of more advanced explosive detection technology, the overall U.S. civil aviation security
structure where the FAA set and enforced standards while the aviation industry
implemented them.
TWA 800 (1996): Events, Threats and Response

On the night of July 17,1996, TWA flight 800, which had departed from New York's
JFK International Airport bound for Paris, France, crashed into the Atlantic Ocean near
East Moriches, NY killing all 230 individuals on board. Though terrorism was initially
suspected, the National Transportation Safety Board (NTSB) later determined that the
probable cause was an accidental explosion of a fuel tank.68
The Gore Commission final report described the changing threat to civil aviation in this
time period as follows:
The Federal Bureau of Investigation, the Central Intelligence Agency, and other
intelligence agencies have been warning that the threat of terrorism has been
changing in two important ways. First, it is no longer just an overseas threat
i - - •'- . from foreign terrorists... The second change is that in addition to well-known,
L ws-î -J established terrorist groups, it is becoming more common to find terrorists
l^jcuv -"-^M working alone or in ad-hoc groups, some of which are not afraid to die in carrying
C/xJuJ^ • * ' outtheirjjesigns.69
v Notwithstanding the NTSB's findings it was clear even before the downing of TWA 800
~) that the United States was facing a new, more dangerous, threat environment as

26
illustrated by the 1993 bombing of the World Trade Center in New York, by radical
Islamic fundamentalists.
A New Domestic Aviation Security "Baseline"
Aviation authorities were not ignorant of this new threat. In response to a perceived
increase in the domestic threat, in thejast half of 1 995. DOT Secretary Pena asked FAA
to require airports and air carriers within the United States tn i
measures.
"In part because of disruptions in airline and airport operations caused by contingency
plan-based security measure adjustments,"71 in July of 1996 FAA's Aviation Security
Advisory Committee jcreated a Baseline Working Group (BWG), composed of federal
officials, representatives of the aviation industry and public interest groups. The BWG's
charge was to "review the threat assessment of foreign terrorism within the United States,
consider the warning and interdiction capabilities of intelligence and law enforcement,
examine the vulnerabilities of the domestic civil aviation system (in particular checked
baggage and checkpoint screening), and consider the consequences of a successful
attack." The goal was "to strengthen the domestic aviation security "baseline" to a level
commensurate with the new threat environment."72
In December 1996 the BWG issued its Domestic Security Baseline Final Report, which
called for "effectiveness," rather than cost or expediency to be the primary determining
factor in establishing a baseline for security. This new system was to be built in to the
standard security programs for airlines and airports, thus making it both more enforceable
from the FAA's standpoint and more predictable from the aviation industry's vantage as
compared to security measures based on temporary Security Directives or Information
Circulars.73 ,, .•„,-
The BWG also recommended an end to "unfunded federal mandates" on the various
components of the civil aviation security system by providing "a Congressional
appropriation from the General Fund" to meet "the full cost of implementing and
maintaining an improved domestic security baseline."74
Finally, it called for a series of measures to rapidly improve the security system, via the
timely deployment of available technologies (including liquid explosives scanning
devices and trace portals for the larger airports), and "institutional and procedural
changes" in the system (including expansion of the Federal Security Manager program,
designation by air carriers and airport operators of a security head "who should be a
senior management official" and streamlining the rulemaking process for security). The
group estimated the ten-year cost of implementing its recommendations to be $9.9
billion.75 ~ ~-
The Office of Management and Budget (OMB) strongly objected to the BWG majority
on the issues of the source and amount of funding to be provided, and submitted me
following statement with respect to these issues:

27
OMB staff strongly disagree with these recommendations. They are inconsistent with the
current practice of FAA programs, contradicting long-standing government- wide budget
policy, and reflect an unrealistic outlook regarding the availability of discretionary funds.
JEitst, aviation iyit"tn nsf rs nirjentlv pay for on-going aviation security rrwts These are
considered to be costs incurred by the private aviation industry for doing business in
modern society... Continuing efforts to balance the budget will significantly limit the
amount of General Fund monies available to support this, or other potentially worthy
expenditures... Finally, a dedicated funding system for operating costs, if not paid by the
users, provides little incentive for cost discipline in the provisions of these services and
will result in waste and increased cost to the public.76
Though the BWG had been conceived of as a way to break the usual cycle of aviation
security measures being driven solely in response to disasters and emergencies, the
Group held its first meeting on the same day that TWA 800 exploded, and its analyses
and recommendations served primarily as a basis for the work of the Presidential
Commission which was established one month later.
White House Commission on Aviation Safety and Security (1997)
In response to mounting concerns about the terrorist threat to aviation, as manifested by

the Bojinka plot and precipitated by the explosion of TWA Flight 800, on August 22,
1996, President Bill Clinton created the White House Commission on Aviation Safety and
Security, chaired by Vice President Gore and commonly referred to as the Gore
Commission.77
The Gore Commission's rn2sLaignifipant s**m"ty rp™m inflations, issnH in February

1997, were^ directed at dealing with the bomb threat. These included:
1) Immediate deployment of explosives detection technology to the airports for

baggage screening.
2) Partial implementation of full bag-passenger match on domestic flights. (This
measure, which had previously been applied overseas, was explicitly linked to the
need to determine the presence of explosives in checked baggage. Under it, a
checked bag was not to be loaded onto an aircraft until it could be matched to a
boarded passenger.)
3) Additional deployment of canine explosives-sniffing teams. (There were 87 such
teams deployed in 1996, not all of which met the same performance standards.)
4) Establishment of automated profiting- Lo identify pa^ngers-s^wko-mfirit additional
M , attention." (The Commission specifically endorsed the automated profiling
$ ^ I lx d-Jv-- ^ \m then "under development by the FAA and Northwest Airlines," which
subsequently became known as the Computer Assisted Passenger Prescreening
System, or CAPPS.)
5) Federal certification of screening companies and minimum training requirements
for screeners.
i J) 6) Elevation of aviation security to a national security issue which should entail
t "substantial" federal funding, defining this to be approximately $100 million a
l year for capital improvements to achieve the Commission's objectives.78

28
Implementation
In the period between 1996 and the end of 2000, the FAA had moved administratively to
implement, or to begin implementation of, each of these major items and many of the
remaining Gore Commission security recommendations.79 However, the lack of more
specific requirements and deadlines made it difficult to gauge actual implementation.
Commissioner Victoria Cummock, whose husband had been lost on Pan Am 103,
dissented from the final report. She wrote:
Sadly, the overall emphasis of the recommendations reflects a clear commitment to the
enhancement of aviation at the expense of the Commission's mandate of enhancing
aviation safety and security (emphasis in original)... In summary, our final report contains
no specific call to action, no commitments to address aviation safety and security system-
wide by mandating the deployment of current technology, with actionable timetables and
budgets.8081
For example, rulemaking on screener company certification, which officially began on

January 1,2000, was still not completed as of September 10,2001 (in spite of the
statutory requirements outlined below).82
The Congress generally responded affirmatively to the Gore Commission's, and the
Clinton Administration's, calls for increased funding and tightened regulations for
aviation security.
Passage of the Federal Aviation Reauthorization Act of 1996 followed in the immediate
aftermath of the Gore Commission recommendations. Among the Act's key elements
were provisions to: ,, -v,
• Direct FAA to certify screening companies and improve training and testing of security screeners
• Require criminal history background checks for baggage and passenger screeners
• Encourage FAA to facilitate the interim deployment of available explosive detection equipment
• Encourage FAA, the Department of Transportation, the intelligence community and law
enforcement agencies to assist air carriers in developing passenger profiling programs
• Direct FAA and the FBI to conduct joint threat and vulnerability assessments at least once every
three years at airports determined to be high risk
• Require airports and air carriers to conduct periodic security system vulnerability assessments, and
the FAA to periodically audit such assessments as well as to conduct periodic and unannounced
inspections of airport and air carrier security systems83
Three years later Congress adopted the Airport Security Improvement Act signed into law
on November 22,2000. Its major provisions included:
• Specifying that criminal background checks be done for airport security applicants
• Directing FAA to issue the final rule on the certification of screening companies by May 31,2001
• Establishing new minimum standards for the training of security screeners
• Requiring FAA to work with airport operators and air carriers to improve airport access controls
by January 31,2001

29
Directing FAA to require augmenting the Computer Assisted Passenger Prescreening System by
randomly selecting additional checked baps for screening, and directing the FAA to maximize the
use of explosive detection equipment in this process8^
New Threat, Same System
While recognizing that "the terrorist threat is changing and growing," the Gore
Commission generally ratified the existing system of shared and complementary
responsibilities in civil aviation security and concluded that "because of its extensive
interactions with airlines and airports, the FAA is the appropriate agency" to implement
and oversee aviation security. It sought to make improvements by creating "a new
partnership" between government and industry "that will marshal resources more
effectively, and focus all parties on achieving the ultimate goal: enhancing the security of
air travel for Americans." 5
While Congress appeared to begin to take some tentative steps to re-evaluate and revise
the civil aviation security system, it too essentially accepted the basic, long-standing
elements of that system.
Though the Federal Aviation Reauthorization Act of 1996 formally removed the "dual
mandate" by explicitly making safety and security the FAA's highest priority, the Joint
Explanatory Statement of the congressional conference committee that drafted the final
bill made stated:
The managers do not intend for enactment of this provision to require any changes in the
FAA's current organization or functions. Instead, the provision is intended to address
any public perceptions that might exist that the promotion of air commerce by the FAA
could create a conflict with its safety regulatory mandate.86
A written question submitted by the Majority staff of the Senate Commerce Committee at
the 1997 confirmation hearing of Jane Garvey to be FAA Administrator asked for her
comment about the continuing need to balance the missions of "promoting commercial
aviation as well as aviation safety," even after enactment of the 1996 change in the
FAA's mission statement which formally dropped the promotion mandate. Ms. Garvey
replied, "The FAA's mission is aviation safety. However, this mission can only be
achieved in partnership with industry."87
s-
r The Gore Commission Report, its recommendations and the implementing legislation
constituted the last thrust of aviation security reform prior to the events of September
11th. The security policies and procedures that were in place as of 2000 were essentially
the same ones that operated on the morning of September 11,2001.

30
Institutions of Civil Aviation Security on September 11. 2001
The institutions of the civil aviation system responsible for establishing and
implementing aviation security policies and procedures, the culture of these organizations
and their methods of operating were also well established and can shed light on the
quality of the system in place on 9-11.
Shared Responsibilities
By 1974, the main structure of the civil aviation security system that was in place on
September 11,2001 had been established. It provided for a set of shared and
"complementary" responsibilities, divided among Congress, the FAA, the airlines and
airport authorities.
The FAA was responsible for setting minimum-security requirements governing airports
as defined in (14 CFR Part 108) and air carriers (14 CFR 107) with the power to enforce
the standards through inspections, fines and the power to revoke operational certificates.
Air Carriers were responsible for screening passengers, baggage and cargo; protecting
aircraft from unauthorized access; and for training personnel in emergency procedures
and tactics. The details of how they were to conduct those functions were spelled out in
the Air Carrier Standard Security Program.
The Airports were responsible for providing law enforcement and facility security,
including the control of access to Air Operations Areas (AOA), access control and law
enforcement.88 The details of how they were to conduct those functions were spelled out x
in the FAA approved Airport Standard Security Program. (/J/-o ' *
The Intelligence Community was responsible for identifying threats to national security
and sharing relevant information with the Department of Transportation and the FAA.
Congress was responsible for making aviation security law imbedded primarily in Title
49 of the United States Code, and for performing its oversight function of the &
implementation of those laws. It was also responsible for funding and financing the **£
federal components of the aviation security system.
The civil aviation security system overseen by the FAA on September 11, 2001 was in
keeping with the system that had evolved over the previous 75 years hi attempting to
reconcile the sometimes-conflicting goals of economic promotion and security
enhancement.
Exacerbated by the de-regulation of the airline industry in the 1970s, which increased the
stakes and the adversarial nature of the regulatory process, the FAA security rulemaking
process, which bore the primary responsibility for creating and implementing the system
o in place on 9/11/01, was slow and reactive. Furthermore, the dispersed system of

31
responsibilities for civil aviation security created multiple opportunities for delaying the
regulatory process and avoiding accountability.
The implications of the division of responsibilities for civil aviation security were
discussed in the 2001 textbook, Commercial Aviation Safety:
Although the organizational changes that have been mandated in recent years have
improved the situation, they remain inadequate to preclude future tragedies because the
( H~ basic features of the aviation security system remain unchanged. Of fundamental
^r^1 importance is the continuing division of responsibility among the many agencies and
levels of government.89
I^
cx • Civil Aviation Security Culture and Issues
The Gore Commission had generally ratified the existing system of shared and
complementary responsibilities in civil aviation security with the FAA the appropriate
lead federal agency. It sought to build and improve on the existing partnership in order to
"marshal resources more effectively, and focus all parties on achieving the ultimate goal:
enhancing the security of air travel for Americans." The Commission's Final Report
stated:
Americans should not have to choose between enhanced security and affordable air
travel. Both goals are achievable if the federal government, airlines, airports, aviation
employees, local law enforcement agencies, and passengers work together to achieve
them.90
In his book, After: How America Confronted the September 12 Era, Stephen Brill wrote
about some of the consequences of the partnership:
For years, the airlines - an industry whose product is regulated from Washington like
almost no other - and the FAA have had a mutual support relationship.' Their personnel
regularly switched sides, going from the agency to one of the airlines' large Washington
lobbying offices and back again... (T)hey thought of themselves more as partners than
.-»-—•<~ \~~\s^*-a adversaries, which had its positive side in the sense that overbearing regulators could
-V-^3" easily strangle an industry like this. So, the airlines rarely complained publicly about the
•> ' ,—^^^) FAA, and the FAA didn't hassle the airlines about issues like security. __
A second attribute of the pre-9/11 aviation security system in the United States was the
different approaches it took toward safety and security.
Aviation safety, which refers to counter-measures related to accidents, is based on

quantifiable assessments of accident probabilities derived from a wealth of data built up
over many years within civil aviation itself. Aviation security, which encompasses
protective efforts against hostile or malicious acts involves the vagaries of human
behavior and intentions and "is much more difficult to measure because it depends on our
estimate of the threat of a hostile act."92 And such a threat estimate would typically come
from "outside" the world of civil aviation (i.e. the intelligence community).

32
The National Research Council (NRC) has contrasted aviation safety, where "one agency
(the FAA) has a dominant role in ensuring safety through multiple, coordinated means."
With respect to aviation security "tactics and techniques emerged piecemeal, in reaction
to a series of individual security failures." The NRC concluded, "Given the outstanding
performance of the aviation safety system, it is notable that aviation security... was not
handled in a similarly holistic fashion."93
Indeed, while safety was built-in to the basic operation of the civil aviation system from
the outset (with the 1926 Air Commerce Act "passed at the urging of the aviation
industry, whose leaders believed the airplane could not reach its full commercial potential
without federal action to improve and maintain safety standards"94), security was
generally regarded as a "disruption" to the regular operation of civil aviation.
(PLACEHOLDER: WE NEED A CITATION FOR THIS LAST POINT)
In an August 16,2001 speech at an Air Line Pilots Association Safety Forum, President
Carol Hallett of the airline industry's trade association remarked that by the 1930s,
"safety truly became an integral part of aviation. It was woven into every aspect of our
industry - from design to operations, from maintenance to marketing. Safety became a
discipline and a cornerstone of our operations."95 In contrast, security - other than
internal security directed at such criminal acts as fraud or theft - was a relatively recent
addition to airline concerns.
o Cathal "Irish" Flynn, head of the FAA's security division from 1993 through early 2001,
told the Commission that, perhaps because of the sanitized nature of the threat
information they received and especially because of the fact that the last hijacking of a
U.S. airliner had been back in 1991, the airline leadership did not take the need for
increased security seriously and resisted "expensive" counter-measures. Admiral Flynn
recounted a 1994 meeting when the CEO of a major U.S. airline told him to "give us a
reason to increase security and we will." Flynn further observed that the airlines were
generally more receptive to requests for increased security measures overseas than in the
United States because that is where they perceived the threat to be and it would be less
expensive to implement96
Former Djsputy Secretary^ ofState_and terrorism expert Larry Johnson commented hi a

1996 television appearance
I call (airline) security directors the Rodney Dangerfields of their industry. They get no
respect because when they walk through the door to the chief executive and say we need
to spend money on this system, they're not seen as bringing value to the bottom line;
they're seen as causing a cost. And I know of several instances in which the airlines have
resisted changes to increase security not because they're not in favor of security, but in
their judgment, they don't think there's a threat there, and they don't feel it's warranted
to spend the money.97
The general pre-9/11 security philosophy of the third major part of the civil aviation
o security partnership, the airport operators (which could just as correctly be applied to the
other components of the security system), was summed up in the 1999 Civil A viation
Security Reference Handbook prepared by the FAA.

33
Under normal airport operations, security is maintained at a level commensurate with the
perceived threat and the need to facilitate the movement of people, cargo, machines,
vehicles and aircraft on the airport. The existing approach to airport security is for airport
operators to maintain a level of security consistent with the assessed threat and to rely on
well-developed and sound contingency plans to upgrade security quickly in response to
intelligence information or emergency situating _Thig minimizes the disruption of
airport operations, but to be effective, it is essential that airport operators, air carriers, and
other airport tenants be capable of reacting immediately and in concert to a higher level
of security, based on an integrated and well-understood contingency plan.98
Another aspect of the civil aviation security system has been its reactive nature. In his
book Aviation Insecurity, author Andrew Thomas observed:
A long-standing criticism of aviation security policy in the United States is that the last
major attack on the system tends to drive the implementation of new security measures.
The view holds that we are continually fighting the last war and allowing the perpetrators
of violence to educate us about the vulnerabilities of the system. Throughout the thirty-
year history of aviation security, almost all of the substantive improvements have come in
direct response to a particular incident.99
It was similarly described by another aviation analyst.
The FAA has frequently been criticized for its bureaucratic tendency toward relative
complacency until a tragedy occurs...Extensive media coverage and outraged citizens
bring pressures to bear on Congress and the administration, who respond with new laws,
regulations, studies and plans. For its part, FAA often responds by rushing various
technologies, systems, and procedures into operation without always giving due
consideration to their utility, costs, and efficiency.100
These observations were reiterated by the report of the White House Commission on
Aviation Safety and Security created hi response to the Pan Am Flight 103/Lockerbie
disaster that found: "the Federal Aviation Administration to be a reactive agency -
preoccupied with responses to events to the exclusion of adequate contingency planning—
in anticipation of future threats."101 •—
This reactive nature was, in part, reinforced by financially challenged air carriers
demanding that new security rules have some basis in the precedent of an actual event, or
a very specific threat.
Writing for the airline industry, the Ah- Transport Association (ATA) submitted to the
FAA its view that before imposing new security rules, such as the requirement to conduct
a criminal background check on all airport and ah* carrier employees, the FAA should
establish, "What terrorist incidents would have been prevented had the proposed rule
been in effect?"102
In another comment on a proposed rule, this tune on revision of the Ah- Carrier Standard
Security Program (ACSSP), ATA wrote to the FAA that, "We have always subscribed to
threat based security measures based on specific information from the U.S. government.
When FAA promulgates requirements which serve no substantive security value and are
DRAFT- FOR INTERNAL USE ONLY DRAFT

34
not based on specific threat information," ATA would raise concerns on behalf of the
airlines.103
Although the occurrence of a major event would move the system to take action, aviation
security author Brian Jenkins noted in 1996 that "security authorities almost invariably
failed to foresee the terrorists' adoption of attacking aviation."104
Federal Aviation Administration
FAA's responsibilities and authorities with respect to civil aviation security were set forth
in Title 49 of the United States Code vesting the FAA Administrator with the following
charge:
Protection Against Violence and Piracy—The Administrator shall prescribe regulations

to protect passengers and property on an aircraft operating in air transportation or intra-
state air transportation against an act of criminal violence or aircraft piracy.105
This mandate included a battery of specific civil aviation security tasks set forth primarily
in Title 49 of the United States Code, Chapter 449:
• Coordinating and inspecting security arrangements at large airports
• Requiring airports to provide a secure operating environment, consisting of the airport perimeter
and aircraft operations area
• Establishing basic security standards for airports, supplemented by an airport-drafted and FAA-
approved Airport Security Program for each airport
• Establishing minimum security standards for the airlines, supplemented by the airline-drafted and /
FAA-approved Air Carrier Standard Security Program ^j
• Developing training courses for civil aviation security employees
• Requiring criminal history background checks for individuals employed in, or applying for,
positions which have unescorted access to commercial aircraft or secured areas of U.S. airports.
• Overseeing research and development of aviation security devices and technologies.
• Analyzing intelligence information to discern threats to civil aviation; sharing such threat ^j
information with the airports and air carriers as appropriate; and ordering emergency measures to /
counter such threats.l06 1
In carrying out its safety and security responsibilities authorized under Section 40101
Title 49, Chapter 449 of the United States Code, FAA was to consider a number of
factors "as being in the public interest," including "(1) assigning, maintaining, and
enhancing safety and security as the highest priorities in air commerce. (2) regulating air
commerce in a way that best promotes safety and fulfills national defense requirements.
(3) encouraging and developing civil aeronautics, including new aviation technology."107
Rulemaking
For many years leading up to 9/11/01, administrative procedure rules and agency
practices required that FAA rulemaking to "protect passengers and property" undergo
numerous and repetitive development and approval steps internally, within the
Department of Transportation as well as the Executive Office of the President (Office of
35
Management and Budget). This process included application of a cost/benefit analysis

as well as the opportunity for in-depth public comment. The rulemaking process for
FAA aviation standards included a total of 217 steps, though some of these could be
skipped under certain circumstances. 108
Author Steven Brill reported his findings on the rulemaking process with respect to the
status of knives at airport screening checkpoints.
As with all FAA regulatory work,...the FAA would negotiate with the airlines pushing
ijjje \-**~£ back on anything that cost them money or their passengers time. Although no one will
-now admit it in so many words, according to records in the archives of the FAA. that in
V, Me(^ fartis^vhat had resulted in the rule that razors or knives with blades of four and a half
inches or less be allowed in carry-on baggage. The airlines feared that a complete ban on
^- k^ knives or razors would require them to hire more screeners while further inconveniencing
• <^\.~*~^-:> and delaying passengers. 109 no
In addition to concerns about the timeliness and accountability of FAA rulemaking, 111 the
partial de-regulation of U.S. civil aviation in the 1970s had significant consequences
within that process, as described in a 2001 textbook on aviation safety and security.
Over the past two decades, vigorous industry economic competition has made rulemaking
a distinctly adversarial process. Carriers, labor groups, aircraft manufacturers and
general aviation supporters carefully scrutinize every proposed safety regulation and
question its efficacy and impact on costs. Often such activities, in concert with
administrative policies and bureaucratic labyrinths, have effectively blocked safety
regulations for years.112
FAA Enforcement
The primary means of enforcing compliance with FAA security standards by the
aviation industry was the issuance of fines, but there were significant limitations
in the use of this tool, as explained to the Commission in a May 23,2003 public
hearing. According to Michael Canavan, who was the FAA's security chief on
September 11,2001:
There was a certain level of fining for different offenses. And after a while the airlines
accumulated a lot of- huge amounts of money, and then the lawyers would get a hold of
it, between the airlines and the Department of Transportation, and they would figure out
some compromise. The thing that they never wanted was for you to go public and say
Airline X has been fined X number of dollars because of A, B and C. That was the
f biggest hammer you had. So a lot of this would get negotiated out.113 I U
Former DOT Inspector General Mary Schiavo testified at that same hearing that
her investigations had disclosed that the enforcement fines levied by the FAA on
industry were typically reduced to "about 10 cents on the dollar."1 116
Another potential enforcement method was the certification process. To gain

initial certification under the Federal Aviation Act, an airline must have
demonstrated that it was willing and able to comply with the FAA's minimum
36
standards and regulations. Furthermore, the certificate holder had to demonstrate

continuing compliance and failure to do so would subject the violator to FAA
inspection that could lead to amendment, modification, suspension or even
revocation of the certificate. However, de-certification for security failures was
never sought and rarely even threatened by the FAA. 118
FAA Security Organization
The mantle of organizational leadership at the FAA is vested in an Administrator and

Deputy Administrator ultimately responsible for decision making at the agency. In
addition, the agency maintained an organizational structure dedicated solely to aviation
security overseen by an Associate Administrator of Civil Aviation Security. This function
was augmented by a special Office of Intelligence and Security located in the Office of
the Secretary of Transportation. The key security positions, many of which had been
originally authorized by the Aviation Security Act of 1990 (PL 101-604) were as follows:
Office of Intelligence and Security
Director of Intelligence and Security (DIS) was placed within the Office of the
Secretary of Transportation, and reported directly to the Secretary of Transportation. The
Directors responsibilities included:
• To receive, assess, and distribute intelligence information related to long-term

transportation security
• To develop plans for dealing with threats to transportation security; and
• To serve as the Secretary's primary liaison to the intelligence and law
enforcement communities. ,-. .
The Director of the Office of Security and Intelligence maintained a staff comprised of
approximately 16 staff, including a liaison from the Central IntelligenceÂgency. The
Director of the Office on September 11,2001 advised the Commission that while his VX- —n
office had no operational role, he perceived his mission as being to "oversee overall r\
transportation security, and serve as an advocate for security within the transportation
industry."119
7 (The office was divided into three divisions each with its own manager and staff.
• Transportation Division, included three staff, one who whom specialized in

aviation was responsible for (PLACEHOLDER).
• Intelligence Division, staffed by two analysts—one from the Defense Intelligence
Agency and one from the U.S. Coast Guard was responsible for
(PLACEHOLDER);
• Cyber-security division, with two staff responsible for (PLACEHOLDER).
O
37
Although the office did not have a 24-hour watch, a former Director of the office
informed the commission that the office maintained a direct line to the CIA's Counter
Terrorism Center (CTC) and the National Security Agency.120
FAA Office of Civil Aviation Security
Associate Administrator for Civil Aviation Security (ACS) headed the FAA's
Office of Civil Aviation Security (CAS), which had been created in 1962 and was
originally designed to deal with traditional crimes. The Associate Administrator's
mission was to: (1) manage and provide operational guidance to FAA field
security personnel; (2) enforce security-related requirements; (3) identify the
research and development requirements of security-related activities; (4) inspect
security systems; (5) report relevant information to the Director of Intelligence
and Security; and (6) assess threats to civil aviation.
Federal Security Managers (FSM) were appointed by the FAA at any U.S.
airport where "necessary for air transportation security," including all major
airports. They reported directly to the Associate Administrator for CAS, and were
to: (1) assist in development of a comprehensive security plan for the airport; (2)
oversee and enforce the carrying out by air carriers and airport operators of FAA
security requirements; (3) coordinate FAA's response to terrorist incidents and
threats at the airport; and (4) coordinate government aviation security activities at
the airport and with local law enforcement.
Foreign Security Liaison Officers (by September 11,2001 referred to as Civil

Aviation Security Officers or CASLOs) were designated by the FAA, in
coordination with the Secretary of State, at certain higher risk foreign airports.
They reported directly to the Associate Administrator for CAS,<to carry out - "to
the extent practicable" - duties exercised by Federal Security Managers at U.S.
airports.12
Other key civil aviation security positions in place on September 11,2001 included the
three under the jurisdiction of the Associate Administrator for Civil Aviation Security to
whom the Office Directors reported directly. They included:
Office of Civil Aviation Security Intelligence (ACI), which evaluated, analyzed and
disseminated aviation security intelligence produced by the U.S. intelligence community.
Its components included: . , * _L r\>
• Transnational Terrorism Unit,

• Intelligence Operations Division (which operated a 24-hour intelligence watch on
time sensitive intelligence related to aviation security),
• Strategic Analysis Division (which was responsible for long-term analysis), and
• the Sensitive Activities and Law Enforcement Support Division.122 "^

38
Office of Civil Aviation Security Operations (AGO), which was charged with
implementation of civil aviation security measures including those designed to combat
hijackings and sabotage. The office's components included:
• The Federal Air Marshal (FAM) Program responsible for the recruiting, training
and deploying law enforcement officers to serve as a protection force on U.S.
flagged aircraft.
• International Operations Division responsible for assessing and enforcing

compliance with security regulations and policies by foreign airports and air
carriers serving the United States overseas.
• Airports Operations Division responsible for assessing and enforcing compliance

with security regulations and policies at U.S. airports.
• Air Carrier Operations Division responsible for assessing and enforcing

compliance with security regulations and policies at U.S. airports.
• Investigations Division (PLACEHOLDER FOR DESCRIPTION OF

ACTIVITIES— SUPERVISED BACKGROUND CHECKS)
• Internal Security Division (PLACEHOLDER FOR DESCRIPTION OF

ACTIVITIES)
• Standards and Evaluation Division responsible for handling all external

inspection testing, the K-9 Explosives Detection Program, and crisis management
for headquarters and regional offices)
• Information Systems Security Division (PLACEHOLDER FOR DESCRIPTION

OF ACTIVITIES)
• Dangerous Goods/Cargo Security Division. 123 (PLACEHOLDER FOR

DESCRIPTION OF ACTIVITIES)
Office of Civil Aviation Security Policy and Planning (ACP) responsible for
developing, reviewing and revising rules, regulations and policies concerning domestic
and foreign air carrier and airport security. It's components included:
• Civil Aviation Security Division, responsible for developing policies and proposed
legislation bearing on civil aviation security.
• Security Division, responsible for developing and coordinating plans for FAA
personnel and facilities security.
• Technology Integration Division, responsible for establishing aviation security

research and development requirements.124

39
Principal Security Inspectors (PSI) - FAA personnel assigned a PSI to each foreign
and domestic air carrier required to adopt an FAA-approved security program. The PSI
served as the liaison between the FAA and the air carrier and was responsible for
approving and issuing amendments to the carrier's standard security program, providing
guidance to the carrier with respect to regulatory actions, and approving and monitoring
the carrier's security training programs.1 5
Field Elements - Each of the nine FAA Regional Offices housed a Civil Aviation Security
Division headed by a Regional Security Division Manager who reported to and received
direction from the Director of Operations in the FAA's Washington DC Headquarters.
Civil Aviation Security Field Offices (CASFO) were responsible for carrying out FAA's
security mission in a defined geographic area and were headed by a Manager who
reported to the appropriate Regional Security Division Manager.
Civil Aviation Security Field Units (CASFU) were smaller units usually assigned to focus
on a particular airport and reported to CASFO's.126
Special Assessment Program — Additionally, a key component of the aviation security

system in place on September 11,2001 was the "Special Assessments Team" also known
as the "Red Team," which was created after the bombing of Pan Am Flight 103 in 1988.
The main mission of the Red Team "was to conduct covert security penetration testing
for the purpose of identifying both localized and systemic vulnerabilities and to help
strengthen FAA's regulatory inspection capabilities."127 It was housed within the Special
Activities Staff in the Office of the Associate Administrator for Civil Aviation
Security.128
FAA Civil Aviation Security Budget and Manpower
Its changing staffing and budgetary levels illustrate the evolving, and generally
increasing, role of the FAA's security component. The Office of Civil Aviation Security
had grown from a staff of 379 in FY 1986 to 852 in FY 1992 (in the wake of Pan Am
103), dropping off somewhat to a low of 743 in FY 1995, and then steadily rising after
Bojinka and TWA 800 to a level of 1182 by FY 1999. Its budget rose from just under
$40 million in FY 1986 to just under $300 million in FY 1999.129
(PLACEHOLDER FOR ADDITIONAL INFORMATION/ANALYSIS ON

BUDGETING AND STAFFING)
FAA Culture and Issues
The institutional outlook and attitudes of the FAA with respect to security were heavily
influenced by the fact that the FAA, and its predecessors, were tasked from the beginning
with what has come to be called the "dual mandate" of both regulating and promoting
civil aviation. Furthermore, this divided focus had implications for the agency's ability
to carry out its security mission. From the Aeronautic Branch of the Department of

40
Commerce created by the Air Commerce Act of 1926 with responsibility for "fostering air
commerce, issuing and enforcing air traffic rules, licensing pilots, certificating aircraft,
establishing airways, and operating and maintaining aids to air navigation,"13 to its
ultimate successor, the Federal Aviation Administration (FAA), the U.S. Government's
lead civil aviation agency was confronted with what aviation security author Andrew
Thomas called "two competing and divergent goals. How can it nurture both market
forces and public safety at the same time? A formidable, if not almost impossible, task,
to be sure."131
Thus, under this "dual mandate" the Federal Aviation Act of 1958, which created the
FAA, described the FAA's security role as "to establish security provisions which will
encourage and permit the maximum use of the navigable airspace by civil aircraft
consistent with the national security."132 Former Department of Transportation Inspector
General Mary Schiavo wrote in her 1997 book, Flying Blind, Flying Safe,
The FAA's dual mission did not leap out at anyone in 1958 - or in most of the years
following - as a glaring paradox. In those days, aviation was heavily regulated. The
government controlled prices, routes, even the purchase of airplanes. The aviation
industry thrived under the care and nurturing of the government. The government and
the military were intrinsic to the development of aviation; the same people guided and
assisted aviation on both sides. The aviation industry urged Congress to pass the very
legislation that created the FAA. The FAA's mandate was essentially a national
industrial policy designed to foster commercial aviation.133
As was customary in the civil aviation regulatory system, the impetus for a change in the
dual mandate came in reaction to a disaster. In this case, it was the May 1 996 explosion
of a ValuJet DC-9 over the Everglades. When the NTSB investigation revealed safety
lapses by the FAA, the air carrier, and one of the carrier's contractors to be responsible
for the crash, Transportation Secretary Pena announced on July 18, 1996 "that he would
urge Congress to make safety FAA's single primary concern."13* -X
In introducing legislation to implement the change advocated by Secretary Pena, Senator

Olympia Snowe (R-ME) stated, "We cannot expect the FAA to regain the trust of the
public while it maintains the mission to both ensure their safety while continuing to
promote the growth of the carriers. The current mission of the FAA places it in the
untenable position of being both the enforcer and the best friend of the airlines - no one
can perform both roles and do them well."135
Though, as noted above, concerns about the appearance of a conflict between FAA's
promotional and regulatory roles led Cnngregg tn formallyffliTninatPthf prnmntinn^l
Mandate in 1996,1 the FAA's legal authorities that were still in effect on September 11,
2001 included alTof the following:
• Under Section 40 1 0 1 of 49 USC 449, the FAA was to consider a number of factors in carrying out
its safety and security responsibilities, including "encouraging and developing civil aeronautics."
• Section 40104 provided that "The administrator of the Federal Aviation Administration shall
encourage the development of civil aeronautics and safety of air commerce in and outside the
United States."

41
• Section 44903 required that, in carrying out its authority to protect passengers "against an act of
criminal violence or aircraft piracy," the FAA was to consider whether any proposed regulation
was consistent with "protecting passengers; and the public interest in promoting air transportation
and intrastate air transportation." Furthermore, "to the maximum extent practicable," the FAA
was to "require a uniform procedure for searching and detaining passengers and property to ensure
their safety; and courteous and efficient treatment" by the air carrier and any governmental
personnel involved in the process.137
Kenneth Mead, who has served as Inspector General at the Department of Transportation
since May of 1997, testified to the Commission as to the security implications arising out
of FAA's dual role of promoting the industry while at the same time regulating it:
Within that (aviation security) model there were strong, very strong, counter pressures to
~~) control security costs, because it was a cost center for the airlines, and to also limit the
impact of security requirements on aviation operations, so that the industry could
concentrate on its primary mission of moving passengers and aircraft. In our opinion,
v*- those counter pressures in turn manifested themselves as significant weaknesses in
security that we, the GAO, others, including the FAA, found during audits and
investigative work.138
U.S. Air Carriers

(PLACEHOLDER ON A DESCRIPTION/NUMBER OF AIR CARRIERS IN THE
U.S. -- FOR PROFIT ENTERPRISES)
Federal Aviation Regulation 108139 sets forth the framework for the security
responsibilities of commercial air carriers and other aircraft operators. Notably, this
regulation was not issued until January of 1981, prior to which air carrier security had
been subsumed under the general commercial aviation safety requirements in Part 121.
Under the FAR 108 in effect on September 11,2001, airplane operators were to adopt
and implement a security program to "provide for the safety of persons and property
traveling in air transportation and intrastate air transportation against acts of criminal
violence and air piracy." The plan, termed the Air Carrier Standard Security Program
(ACSSP), which was subject to the approval of the FAA, had to cover the folio whig:
• Screening of passengers and baggage

• Airplane and facilities control
• Law enforcement coordination
• X-ray system operations
• Bomb and air piracy threats
• Hijacking and sabotage attempts
• Training of personnel
• Explosive detection system operations
While a final rule revising the ACSSP was promulgated on July 21,2001 with an
effective date of November 14,2001,14° the program in place on 9/11/01 had last been
modified on May 31,2000 and its purpose was "to prevent or deter aircraft hijackings,
sabotage, and related criminal acts."1 —— . —
42
Screening. The airlines' screening responsibilities as prescribed in the FAA-approved

ACSSP, were "designed to prevent or deter the carriage of any explosive, incendiary, or a
deadly or dangerous weapon on a passenger or in their checked or carry-on bags." The
program employed x-ray machines, explosives detection equipment and physical searches
to carry out this function, with the work itself generally being contracted out by the
airline to a private security company. The airline retained the responsibility for
overseeing the contractor's compliance with FAA regulations.142 The April 2000
assessment of passenger and baggage screening by Gerald Dillingham of the GAO is
representative of independent evaluations of that system's effectiveness right up through
September 11,2001.
FAA and the airline industry have made little progress in improving the effectiveness of
airport checkpoint screeners. Screeners are not adequately detecting dangerous objects
and long-standing problems affecting screeners' performance remain, such as the rapid
screener turnover and the inattention to screener training. FAA's efforts to address these
problems are behind schedule.143
Appendix I of the ACSSP provided FAA's "Deadly or Dangerous Weapons Guidelines"

for use in determining what objects should not be allowed to be carried into the cabin of
an aircraft. They were to be used by screeners "in making a reasonable determination of
what property in the possession of a person should be considered a deadly or dangerous
weapon. They are only guidelines, however, and common sense should always prevail."
Within the list were the following relevant entries:
Knives - Including sabers, swords, hunting knives, souvenir knives, martial arts devices, and such
other knives with blades 4 inches long or longer and/or knives considered illegal by local law.
—~^
Disabling or Incapacitating Items - All tear gas, mace, and similar chemicals and gases whether in
pistol, canister, or other container, and other disabling devices such as electronic
stunning/shocking devices. ,
Other Articles - Such items as ice picks, straight razors, and elongated scissors, even though not
commonly thought of as a deadly or dangerous weapon, but could be used as a weapon, including
toy or "dummy" weapons or grenades. 5
Specifically on the topic of box cutters, in his testimony to the Commission on behalf of
the Air Transport Association (ATA), James May stated:
Under pre-9/11 FAA regulations only "knives with blades four inches long or longer
and/or considered illegal under local law" were prohibited. Under a non-regulatory
Checkpoint Operations Guide, developed by the FAA, the Regional Airline Association
and the ATA, with FAA approval interpreting the FAA regulations, box cutting devices
were considered a restricted item posing a potential danger. This meant that if such a
device was identified, it could be kept off the aircraft. The FAA mandated metal-
detection walk-through systems, however, were designed and tested to detect metallic
items about the size of a small handgun or larger. The pre-9/11 screening system was not
designed to detect or prohibit these types of small items.146147
The Checkpoint Operations Guide (COG) was developed by the Air Transport
Association (ATA) and the Regional Airline Association (RAA), with FAA approval, to

43
implement the security checkpoint related provisions of the ACSSP. Under the COG in
place on September 11,2001 (which had been revised one day earlier), "box cutters"
were classified as "Restricted" items that "are not permitted in the passenger cabin of an
aircraft. The (checkpoint) supervisor must be notified if an item in this category is
encountered. Passengers may be given the option of having these items transported as
checked baggage." "Mace" and "pepper spray" were categorized as "Hazardous
Materials" and "passengers may not take items in this category on an airplane without the
express permission of the airline." "Pocket utility knives (less than 4 inch blade)" were
% listed as "approved items." The COG provided no further guidance on how to distinguish
' between "box cutters" and "pocket utility knives."148149
Other Security Responsibilities. While airport authorities had responsibility for most
civil aviation access control issues, under FAR 108 and the ACSSP, air carriers were
responsible for securing access to their aircraft150 and operations areas.151 In the
immediate aftermath of 9/11, DOT Inspector General Kenneth Mead spoke of his office's
findings on access control with respect to both airlines and airport operators.
Controlling access to secure areas of the airport is critical to protecting the airport's
infrastructure and aircraft from unauthorized individuals. During late 1998 and early
1999, we successfully accessed secure areas in 68 percent of our tests at eight major U.S.
airports. Once we entered secure areas, we boarded aircraft 117 times. The majority of
our aircraft boardings would not have occurred if employees had taken the prescribed
steps, such as making sure doors closed behind them.152
The anti-hijacking training for civil aviation aircraft crews in place on September 11,
2001 was based on previous experiences with domestic hijacking, aimed at getting
passengers, crew and hijackers safely landed, and offered little guidance for confronting a
suicide hijacking.153154 :
" *'•"' ; •'""'•
Air carrier responsibilities for security and anti-hijacking training for flight crews were
set forth in Section XIII. J of the ACSSP. The program included the following elements:
• 8 hours of initial security training for all crew members on aircraft with more than 60-seats, which
could be shortened to 4 hours with FAA approval
• Annual recurrent training of 4 hours for pilots in charge and other crew members on international
flights, which could be shortened to 2 hours with FAA approval, and 2 hours for all other crew
members
• An outline of "Inflight Hijacking Tactics" for both the cockpit and cabin crews, which, among
other things advised "do not try to overpower hijacker(s), do not negotiate with hijackers, try to
land the aircraft, relay specified information to ground about hijackers, and try delaying tactics.',,155
Air Carrier Security Organization
The organization of security varied from airline to airline. Typically, though, the security
function was handled separately from all other activities, including safety. Whereas the

44
safety function was accorded a "high priority" within the companies because "it is in their
business interests" to do so,157 security was not similarly regarded. The security manager
often reported to the airline's vice president for operations, since security was seen as
having a "substantial impact" on operations, including schedules and passenger
processing. The airline security office was generally responsible for interpreting FAA
security guidelines, implementing measures to insure compliance with those regulations,
conducting internal security audits, representing the carrier in all security-related forums,
and handling internal security matters such as theft and fraud.158
There was a general feeling that airline security managers were not highly placed within
the corporate decision-making structure. According to Admiral James Underwood, who
was Director of Intelligence and Security for the U.S. Department of Transportation from
May 2000 until April 2002, prior to the 9/11 hijackings, few security managers were
known to their CEOs.159 And, as previously noted, the 1996 Baseline Working Group
had specifically called for airports and air carriers to "designate a head of Security who
should be a senior management official and shall be responsible for the direction and
oversight of all aviation security activities" with the clear implication that this had not
generally been the case.160
Since the early 1970s the major security role of the airlines had been to conduct pre-
boarding screening of passengers and carry-on baggage, which the carriers had contracted
out to private security companies. The carrier was responsible for making sure that these
o contractors and their employees met all FAA security regulations.161
A Ground Security Coordinator (GSC) was assigned by an airline for each of its flights
and was responsible for monitoring all security requirements prior to takeoff, at which
point the Pilot in Command (PIC) took over as the in-flight security coordinator.162
Another entity related to the ah" carriers' security operations is the Air Transport
Association (ATA), which was founded hi 1936 and remains the sole trade association for
the major U.S. airlines. It represents their interests before Congress, federal agencies
(including the FAA), and state and local governments. The ATA seeks to coordinate
industry and government safety programs, to help standardize industry practices and to
enhance the efficiency of the air transportation system.163 Of particular relevance to this
report, the ATA took the lead role for the airlines in the FAA rulemaking process, and hi
developing - subject to FAA approval -the Checkpoint Operations Guide (COG) for
passenger and carry-on baggage screening and the training materials for the "Common
Strategy" for dealing in-flight with hijackings.- / f (
A&r Carrier Security Spending
Information about security-related spending and personnel levels among the airlines has
been somewhat difficult to ascertain. An August 2001 memorandum from the ATA hi
response to a request from the General Accounting Office (GAO) estimated "costs to the
entire industry to implement all federal security requirements and conduct required
O security programs at $1 billion." However, in communications with the Commission, the

45
ATA stressed that this was a "very rough estimate" based on incomplete reporting from
the airlines, as well as variations in data, descriptions and components submitted by
individual airlines. An annual figure of $300 million for the airlines' estimated,
aggregated security screening costs in 2000 was developed pursuant to the airlines'
submissions hi response to the requirements of the Aviation Security Infrastructure Fee,
67 Fed. Reg. 7926, of February 20,2002. Subsequent efforts by ATA to "capture and
project security costs" were unsuccessful.164
Air Carrier Culture and Issues
Unlike the situation in many other countries where civil aviation is run directly or
indirectly by national governments, in the United States the air carriers are privately-
owned, for-profit corporations. Their primary obligation to their shareholders was (and
is) to maximize the rate of return on investment. Though the major carriers which existed
on September 11,2001 (the three largest being Delta with 103 million passengers in
1997, United with 84 million, and American with 81 million)165 had been created in the
era of extensive federal regulation of rates and schedules, these too had to compete with
the lower-cost airlines which had emerged after the de-regulation of fares and routes in
the 1970s. By the beginning,,of the 21st Century, the pressures caused by this
competition, combined with other economic factors, had produced a climate in which the
airlines were desperately seeking to cut costs.
In a March 2003 report on the economic plight of the airline industry, the Air Transport
Association (ATA) summed up the industry's outlook prior to the events of September
11,2001:
By the spring of 2001, the U.S. airline industry was clearly entering a period of economic
turbulence. The slowing economy and the bursting dot-corn bubbles suggested
substantially slowed economic growth. Passenger traffic was expected<to increase only 1
percent in 2001 from the 2000 record level of 1.8 million passengers per day. Aircraft
operations, which totaled 25,200 departures per day in 2000, were expected to increase
only slightly in 2001. Net losses for the industry were forecast at $3.5 billion. Despite
this daunting challenge, the airlines were positioned to weather the storm. The profitable
period from 1995 to 2000 had enabled the carriers to rebuild their balance sheets from the
Gulf War years. Industry cash reserves were some $11 billion at the end of the first
quarter of 2001 and, despite the preceding period of record demand, industry expansion
had been moderate, with operating revenues growing at an annual rate of 6.6 percent
from 1995 to 2000."*
According to Kevin Murphy, an aviation analyst at Morgan Stanley, the airline industry
had not generally earned a rate of return exceeding its capital costs in most of the years
following the 1978 de-regulation of civil aviation. Even when the industry achieved its
record high profit levels in the late 1990s, its rate of return was no higher than average
among all companies on the Standard and Poor's 500 stock index.167
(PLACEHOLDER FOR CULTURAL ISSUES)

46
U.S. Airports
(PLACEHOLDER FOR DESCRIPTION AND NUMBER OF COMMERCIAL

AIRPORTS)
Airports in the United States display diversity in both ownership (which can be either
private or public) and management (which can be by city, county, state, regional or other
specialized airport authorities). Airport operators seek to balance the objectives of
producing revenue for the private or public owner, facilitating efficient movement of the
traveling public, and fulfilling their security responsibilities.168
Airport security is regulated by Federal Aviation Regulations Part 107 (14 CFR 107),169
which establishes specific requirements for airport security programs, physical security,
access control, and law enforcement support for all airports in the United States serving
regularly scheduled passenger operations.170 The airport's security program was aimed at
providing a secure environment for airplane operations, controlling the movement of
people and ground vehicles to, from and within the airport, and preventing unauthorized
access to air operations areas. Airport authorities were responsible for securing the
airport perimeter, terminals and ramp areas. 171
Airport Security Organization
Airport security is generally implemented by special security forces employed by the

airport operator to provide physical security at the airport. Law enforcement is provided
by the police force of the managing governmental authority (state, local, regional or
special).172
As of September 11, 2001,458 U.S. airports were subject to FAA security regulation.
These were divided into six categories, based primarily on size and potential threat level,
with the largest and most potentially threatened facilities generally subject to greater
security requirements.
AIRPORT CATEGORIES173
CATEGORY # AIRPORTS DEFINING CHARACTERISTICS
X 19 25 million or more total passengers per year, OR 1 million or more
international passengers per year, OR special threat circumstances
I 58 Between 2 and 25 million passengers
II 52 Between 500,000 and 2 million passengers
III 137 Less than 500,000 passengers, but serve aircraft with 61 or more
seats
IV 168 Smallest airports that perform screening of passengers, OR serve
o V 24
aircraft with less than 61 seats
Do not perform passenger screening, AND serve aircraft between
3 1-60 seats

47
(PLACEHOLDER: ADD ADDITIONAL INFO ON AIRPORT SECURITY

MANAGEMENT ORGANIZATION AND AIRPORT SECURITY MANPOWER
AND BUDGETING)
Airport Security Culture and Issues
The most serious problem for airport security, as identified by the FAA's own testing,
was access control for secure areas of the airport. From 1993-1999, between 80 and 85
percent of all airport security violations as determined by the FAA were related to this
issue.174 Both the General Accounting Office175 and the Department of Transportation
Inspector General176 conducted covert testing of airport access controls which
demonstrated significant weaknesses in such controls.
(PLACEHOLDER FOR ADDITIONAL INFORMATION)
U.S. Intelligence Community

The U.S. Intelligence Community's mission is best described by Executive Order 12333
issued by the President of the United States in 1981:
The U.S. intelligence effort shall provide the President and the National Security Council
with the necessary information on which to base decisions concerning the conduct and
development of foreign, defense, and economic policy, and the protection of the United
States national interests from foreign security threats. All departments and agencies shall
cooperate fully to fulfill this goal.
Intelligence Community Organization : v
Prior to September 11,2001, as it is today, the U.S. Intelligence Community was

comprised of many agencies of the federal government Key Intelligence Community
members included the Central Intelligence Agency (CIA), the Defense Intelligence
Agency (DIA), the Federal Bureau of Investigation (FBI), Department of State, and the
National Security Agency.
Among the Intelligence Community's priority customers was the National Security
Council, the President's principal forum for considering national security and foreign
policy matters with his senior national security advisors and cabinet officials, and for
coordinating these policies among the various government agencies.
The FAA was not a member of the Intelligence Community, nor did the FAA's Office of
Civil Aviation Security Intelligence (ACI) possess a raw intelligence collection
capability. However the FAA was a "customer" of the Community. Beginning in 1986
the office possessed the capacity to receive a continuous stream of intelligence data from
the Intelligence Community and analyzed the intelligence to determine its significance to
civil aviation security.178

48
To enhance the volume and quality of the intelligence data to which the FAA had access,
A<"^ established liaison officers with the CIA beginning in 1991 (in the reporting section
under the Directorate of Operations), the FBI beginning in 1 996 (in the counter-terrorism
unit at FBI headquarters), and with both the State Department and the NSC in the late
(PLACEHOLDER: CLARIFY TIMING OF PLACEMENT OF STATE
DEPARTMENT LIAISON; WE HAVE CONFLICTING INFORMATION.)
'
Beginning in the 1990's the NSC empanelled a Counter Terrorism Sub-Group (CSG),
(CHECK) made up of assistant secretary level representatives from key 1C agencies, as
well as an Interagency Intelligence Committee on Terrorism (IICT) as a forum to discuss
and coordinate issues and national policies regarding the terrorist threat to the United
States.
Neither the Department of Transportation nor the Federal Aviation Administration was a
participating member of the CSG. However, both held membership on the IICT panel.180
(PLACEHOLDER: CLARIFY IF IICT OR IITC.)
U.S. Intelligence Community Culture & Issues
FAA intelligence officials testified to the Commission that they were "frustrated" by the
limited volume and quality of intelligence data to which they had access. In the case of
the Central Intelligence Agency, the officials believed that it was due to the agency's
desire to protect methods and sources and to compartmentalize sensitive security
information based on a "need to know." With respect to the FBI, FAA authorities
testified that unlike the CIA the FBI had no "central collection" point for intelligence data
to which a liaison could be assigned, and that the FBI's focus was on "criminal
investigations," not domestic intelligence. 181 TX ,—Tv
T •>»£»
U.S. Congress
The U.S. Congress' responsibilities with respect to aviation security policy emanated
from the lawmaking duties vested to it under Article I of the U.S. Constitution, and its
responsibility to oversight implementation of the nation's laws and policies. Additionally
Congress was responsible for funding the federal policy making, enforcement and
operational responsibilities for civil aviation security.
Congressional Organization
Prior to September 11,2001 six committees possessed jurisdiction over key aspects of
civil aviation security policy and funding.
In the U.S. House of Representatives:
• House Committee on Transportation and Infrastructure, including its

Subcommittee on Aviation.

49
• House Committee on Appropriations, including its Subcommittee on

Transportation.
• House Committee on Ways and Means.
In the U.S. Senate:
• Senate Committee on Commerce, Science and Transportation, including its

Subcommittee on Aviation.
• Senate Committee on Appropriations, including its Subcommittee on
Transportation.
• 'Senate Committee on Finance.
In addition to the legislative and oversight committees of Congress, the General

Accounting Office (GAO), an investigative arm of Congress, conducted inquiries and
reported upon various issues related to aviation security, issuing comprehensive reports
on (PLACEHOLDER: LIST AND DATE).182
While in most cases investigations, audits and reports were produced by GAO at the
specific request of Congressional members, particularly committee and subcommittee
leadership, in some instances the agency would conduct inquiries at its own discretion.
The Congressional Research Service produced informational reports on issues related to

aviation security to keep members and Congressional staff up-to-date on key issues
related to aviation and aviation security.
Aviation Security in the 107th Congress
Prior to September 11,2001, the 107th Congress held 25 hearings on aviation issues.
None of thfif fhnifi^ nn t1™ fining nf aviation security. The Congressional spotlight on
aviation was focused on issues related to air carriers' customer service and the economic
1 ft "5
health and commercial health of civil aviation.
The Commission could find only three occasions on which Senators or Members of the
House of Representatives cited the topic of aviation security in floor statements during
the 107th Congress prior to September 11,2001. Only one bill was introduced on the
topic in the same time period. Two of the three floor references and the sole bill
introduced pertained to renaming an FAA facility after a former member of the Senate.184
The General Accounting Office issued a single aviation report in 2001 prior to 9/11. A
major GAO report on Terrorism (PLACEHOLDER NAME OF REPORT) issued on
(PLACEHOLDER INSERT), included a small section on transportation security. The
GAO received (Number) of requests for investigations by Member of Congress on the
topic.185 (PLACEHOLDER: GAO IS COLLECTING THE INFORMATION)
The commission notes that while the aviation funding bill for FY 2002 had not been
enacted prior to September 11,2001, Congressional funding for civil aviation security

50
had substantially increased over the preceding five years from $72 million in FY 1997 to
$139 million in FY 2001, (though the amounts appropriated in 2000 and 2001 were each
approximately $1 million below the president's request).186
The committee report accompanying the Transportation Appropriations bill for FY 2001,
approved in the fall of 2000, did express ongoing frustration with the FAA on security
matters.
The Committee is extremely disappointed over management issues which continue to
plague the civil aviation security program. Many of these issues have been unresolved
for some time...the Committee has provided substantial budgetary increases for civil
aviation security programs over the past few years, and is unsure whether these additional
resources are paying off in significantly improved security.187
(PLACEHOLDER: CONGRESSIONAL CULTURE AND ISSUES; PUBLIC

OPINION, ATTITUDES, PRIORITIES, ETC.)
Elements of the Aviation Security Security System

on September 11.2001 ? -
Layered System
The FAA's general approach to security prior to September 11, 2001 was summarized by
the President's Commission on Aviation Security and Terrorism in its May 1990 report
on the Pan Am 103 disaster.
FAA's approach is based on interrelated security measures which are intentionally

redundant. If any one security measure fails, another will support or replace it, according
to this theory. For example, fencing and personnel identification systems alone are
insufficient for the most sensitive airport areas, but the addition of lighting, law
enforcement personnel, and vigilant aviation employees produce a more complete
security system.188
On September 11,2001 the Civil Aviation Security System featured seven major layers
of defense, including:
• Intelligence Collection, Threat Assessment and Response

Q • Airport security area enforcement

51
• Passenger prescreening
• Passenger checkpoint screening for weapons
• Checked baggage screening for explosives
• Cargo and mail screening for explosives
• Aircraft and Onboard security
Intelligence Collection, Threat Assessment and Response

Section 11 l(a) of the Aviation Security Improvement Act of 1990 (P.L. 101-604)
required "the agencies of the intelligence community [to]... ensure that intelligence
reports concerning international terrorism are made available . . . to ... the Department of
Transportation and the Federal Aviation Administration."
Under interagency memoranda of understanding the agencies of the U.S. intelligence

community, including the Federal Bureau of Investigation (FBI), Central Intelligence
Agency (CIA), National Security Agency (NSA), Defense Intelligence Agency (DIA);
National Reconnaissance Office and the Department of State, among others, were
responsible for collecting and analyzing intelligence data bearing on the security of the
United States, and for routing pertinent information to FAA's Office of Civil Aviation
Security Intelligence (ACI).
To assist in coordinating the exchange of information and tasking, the FAA's Office of
Civil Aviation Intelligence maintained )iwnn nffirprs with the FRJ I PTA
Department and the NSA.
The intelligence data provided to the FAA by the Intelligence Community was routed to
the Intelligence Office's 24-hour watch, started in 1993, where an analyst would review
the material and make a determination on whether to open an Intelligence Case File
(ICF). The file would remain open pending the completion of certain follow-up tasks.
These tasks were recorded in a log sheet to provide for tracking and supervision.
The information received by the watch was rolled-up each day into a Daily Intelligence
jjnrnrpary (Dig). Among those who received the DIS was the Associate Administrator of
Civil Aviation Security and the FAA Administrator, as well as the Director of Security
and Intelligence who would use the material to produce a more comprehensive security
briefing for the Secretary of Transportation.
If an analyst received information indicating a specific and credible threat, he or she, after
consultation with the supervisor, would notify the air carrier of the threat directly. If the
threat required the implementation of extraordinary counter-measures, the analyst, after
consultation with the supervisor, would notify the Office of Civil Aviation S^^^ty ^
Operations.^ A(JU could thenrecommend that the Associate Administrative of Civil /
AviatiorTSecurity issue a Security Directive to the industry legally requiring that
particular counter measures be implemented.189
( —V
Two other ACI products were used to alert the industry and government authorities to
aviation security issues. Information Circulars were issued by ACI to inform airports and
air carriers of security threats that were more general in nature. Often these were threats
rand security trends that FAA believed did not require the imposition of specific
êxtraordinary procedures. ACI also published Tnfplligpnpp Notes as a forum for
expounding on security issues such as terrorist methods of operation. Predominantly
~These products were intended to help support regulatory and policy decision-making. 19°
FAA Intelligence analysis was also used to establish the appropriate Aviation Security
Alert level declared by the FAA. F.ach alert Wei was calibrated to a discrete set of
security measures that the FAA required of airports and air carriers. The various alert
levels represented the level of threat perceived by the FAA based on incidents and f
intelligence estimates. (See additional information below.)191
CifCpPS
Although the Office of Intelligence did not have investigative powers, if ACI deemed that
certain intelligence information required some investigative follow-up, such follow-up
would have to be conducted by the Federal Bureau of Investigation.
Federal law also vested the FAA Administrator with the authority to cancel any flight for
security purposes at his or her discretion.192 However, the Commission is not aware of
any occasion on which that authority has been invoked.
The Administrator and top officials were kept apprised of intelligence through a daily
intelligence summary produced by the Office of Civil Aviation Security Intelligence. The
summary was distributed to the Administrator of Civil Aviation Security; the FAA
administrator and Deputy Administrator and Director of Security and Intelligence
attached to the Office of the Secretary of Transportation.193
(PLACEHOLDER: JOINT VULNERABILITY ASSESSMENTS)"
Secure Area Designation and Enforcement

Federal regulations and both the Airport and Air Carrier Standard Security Programs
imposed responsibilities for designating and enforcing the integrity of secure areas
necessary to protect aircraft and air operation areas from access by unauthorized
personnel.
FAA rules set forth the approved means of protecting secure areas, including control
technologies such as keypad locks on access points, and completion of a background
check and the issuance of credentials to personnel authorized to access sensitive areas.
(PLACEHOLDER FOR DETAILED BACKGROUND CHECK DESCRIPTION)

Air Carriers were responsible for controlling access to each of their "air operations
areas," including their aircraft, baggage rooms, baggage transfer areas, and other non-
public areas, as well as for training their employees hi proper access control procedures,

53
including the display of Secure Identification Display Area (SIDA) credentials, and the
required challenge of individuals not properly displaying the appropriate credentials.
Airports were responsible for identifying and controlling access to non-public areas
Airports are required to provide law enforcement personnel to assure that access controls
were properly protected, and to respond in the event that controls are breached by
unauthorized individuals.194
(PLACEHOLDER FOR GREATER DETAIL ON THIS LAYER)
Passenger Pre-Screening
The next vector of defense, passenger prescreening, was comprised of two main elements
to help keep dangerous people and/or their weapons off of commercial aircraft. The first
pre-screening element was the FAA listing of individuals known to pose a threat to
commercial aviation. Based on information provided by the Intelligence Community, the
FAA was authorized to issue directives to air carriers requiring them to prohibit listed
individuals from boarding aircraft or, in designated cases, to assure that the passenger
received enhanced screening before enplaning.
The second element of prescreening was a program to identify those passengers on each
flight who may pose more than a "minimal threat" to aviation. In 1998, the FAA issued
a directive requiring air carriers to implement an FAA-approved computer-assisted
passenger prescreening program (CAPPS) designed to identify the pool of passengers
most likely to contain a terrorist. The program employed a customized, FAA-approved
algorithm of "factors" and "weights," derived from each passenger's ticket purchase,
passport and frequent flyer data, excluding the individual's race, creed, religion or
national origin, to identify "selectees." '
The algorithm calculated a score based on the factors and weights to identify those
deemed to be more than "minimal threat" to the aircraft and a grouping of other
passengers chosen at random to be a "selectees."
The air carrier was responsible for screening each selectee's checked baggage for
explosives using an FAA approved method including an approved Explosive Detection
System designed to detect explosives concealed in a bag; a trace detection system
designed to identify the residue of explosives on the outside of the bag; examination by a
bomb-sniffing canine; or physical search,
"Selectees" were not required to undergo any additional screening of their person or
carry-on baggage at the checkpoint.195
The automated system replaced a manual system under which airline personnel applied
FAA approved criteria to determine which passengers would be "selectees" and as such
were required to receive additional checkpoint scrutiny of their person and carry-on_

54
belongings. Automation was considered to be fairer and more reliable than the manual
system.
It is worth noting that the issue of CAPPS was highly contentious at the time the
developing program was considered by the Gore Commission, and has continued to be so
to the present day. Gore Commission member and terrorism expert Brian Jenkins
highlighted the key concerns in a 1999 article.
Americans would prefer their security to be democratic and passive; that is, equally
applied to everyone, and reactive only to behavior indicating criminal intent - such as
attempting to smuggle a gun on board - rather than attempting to identify in advance the
most likely smuggler. Criteria based on ethnic identity, national origin, gender, and
religion are all out of bounds to civil libertarians. Nor should profiling provide airlines
with access to personal information about travelers, including their criminal record if they
have one. Arab-Americans, who have been subject to suspicion and in some cases
mistreatment following terrorist incidents that were correctly or incorrectly blamed on
Middle Eastern groups, have expressed particular concern.
While endorsing the "manual and automated profiling systems, such as the one under
development by the FAA and Northwest Airlines," the latter of which became the
CAPPS program, the Commission adopted a lengthy "augmenting recommendation" with
respect to the subject.
The Commission strongly believes the civil liberties that are so fundamentally American
should not, and need not, be compromised by a profiling system. The Commission
recommends the following safeguards: 1) no profile should contain or be based on
material of a constitutionally suspect nature; 2) factors to be considered for elements of
the profile should be based on measurable, verifiable data indicating that the factors
chosen are reasonable predictors of risk; 3) passengers should be informed of airline
security procedures and of their right to avoid any search of their person or luggage by
electing not to board the aircraft; 4) searches arising from the use of an automated
profiling system should be no more intrusive than search procedures that could be applied
to all passengers; 5) neither the airlines nor the government should maintain permanent
databases on selectees; 6) periodic independent reviews of profiling procedures should be
made; 7) the Commission reiterates that profiling should last only until Explosive
Detection Systems are reliable and fully deployed; and 8) the Commission urges that
these elements be embodied in FAA standards that must be strictly observed.
Checkpoint Screening for Weapons

Perceived by the FAA, the aviation industry and passengers as the most obvious and vital
element of aviation security, federal rules required air carriers "to conduct screening., .to
prevent or deter the carriage aboard airplanes of any explosive, incendiary, or a deadly or
dangerous weapon on or about each individual's person or accessible property, and the
carriage of any explosive or incendiary in check baggage." 198 Federal Aviation
Regulation 108 and the Air Carrier Standard Security Program Air Carriers specified the
means by which air carriers, or their designees, were to screen passengers and their carry-
on belongings.

55
Passengers were screened by government certified metal detectors operated and

maintained according to FAA rules and calibrated to detect guns and large knives. Knives
fewer than four inches in length were not prohibited primarily because FAA did not
consider such items to be "menacing" and most state and local laws permitted them to be
carried in a concealed fashion. Carry-on items were screened by government certified x-
ray machines capable of detecting the shapes of items possessing a particular level of
density. In most instances, screening operations were conducted by companies under
contract with the responsible air carrier.
Under the same regulation air carriers were required to screen carry-on baggage using
FAA approved x-ray equipment to identify weapons and other prohibited items such as
flammables, incendiaries, and prohibit them from being carried onto the aircraft.
(PLACEHOLDER: CLARIFY HERE THE DISTINCTION BETWEEN FAR, ACSSP
AND GOC STANDARDS)
(PLACEHOLDER ON CONTRACTING PRACTICES)

FAA rules also required screening personnel to have completed 15 hours of training, and
the checkpoint screening of passengers and carry-on baggage was designed to prevent
passengers from carrying onboard weapons with a metal content equal to or hi excess of a
small handgun.199
Checked Baggage Screening for Explosives

Air Carriers were responsible for screening the checked baggage of "selectees" for
explosives using certified Explosives Detection System (EDS) equipment or a "suitable"
alternative, in accordance with an FAA approved Air Carrier Standard Security Plan.200
Alternatives include trace detection screening, K-9 screening or physical search. In the
absence of this capability, the air carrier was permitted to practice Positive Passenger Bag
Match to assure that no bag was loaded into the hold without its owner on board the
aircraft, under the presumption that a bomber would not commit suicide
(PLACEHOLDER FOR MORE DETAILED EXPLANATION)
Cargo and Mail Screening

Air Carriers were responsible for categorizing cargo between known and unknown
shippers, and subjected the cargo to various tiers of inspection in accordance with an
FAA approved Air Carrier Standard Security Program.
(PLACEHOLDER FOR MORE DETAILED EXPLANATION)
Aircraft and On-Board Security

56
Air Carriers were responsible for guarding and inspecting their aircraft; and for training
aircrew on security procedures, in accordance with an FAA approved Air Carrier
Standard Security Program.202
Federal Air Marshals
The FAA was responsible for operating a Federal Air Marshal program placing armed
and trained security officers on certain high-risk flights.203 204 (NOTE: DISCUSSION OF
NUMBERS WILL HAVE TO BE IN A CLASSIFIED ANNEX.)
Cockpit Doors
In 1964 the FAA implemented a rule requiring the "closing and locking of crew
compartment doors of scheduled air carriers and other large commercial aircraft in flight
to deter passengers from entering the flight deck either intentionally or inadvertently."205
(PLACEHOLDER: ADD MFR INFORMATION)
In-Jlight Emergency Response
The Air Carrier Standard Security Program required air carriers to provide training to
flight and cabin crews on how to handle security contingencies such as hijacking.
James May, Executive Director of the ATA, described the industry's view of the FAA's
hijacking policy as follows:
In the event of a hijacking, the FAA's policy was one of cooperation: flight crew and
cabin crew were to be trained not to overpower the hijacker, and cabin crew were to
assure hijackers that crew would cooperate with their demands.206
The training of flight crew required by. the ACSSP consisted of (QUOTE ACSSP).
Among the materials approved for this training was a video titled "The Common
Strategy." (PLACEHOLDER: ADD ADDITIONAL DETAILS ON "COMMON
STRATEGY," INCLUDING QUOTES ON THEORY BEHIND APPROACH)
Aviation Security Alert Levels

Intelligence estimates were used to establish the alert level at which the FAA expected
civil aviation security system to operate.
Both the Air Carrier Standard Security Program and the Airport Operator Security
Program contained an "Aviation Security Contingency Plan," which outlined specific
threat levels and the accompanying required countermeasures "to ensure that the FAA,
airport operators, and air carriers are able to respond on short notice to all civil aviation
threats."207
Aviation Security Contingency Plan (AVSEC Plan)208

57
AVSEC ALERT LEVEL AIRPORT OPERATOR AIR CARRIER

MEASURES MEASURES
Level I: Political tensions may Inform airport, air carrier, and Inform its employees working at
provoke elements hostile to the airport tenant management with the affected airport(s) who have
U.S. to initiate demonstrations an operational need to know of an operational need to know of
and/or low level attacks against the increased threat and the increased threat and
symbols of the U.S.; or there is corresponding alert level. corresponding alert level.
reason to believe that civil unrest
could increase the risk to civil Review and ensure adequacy of Review and test its contingency
aviation personnel and vehicle ID issuance and emergency communications
and control procedures. procedures.
Review and test its contingency Establish liaison with each airport
and emergency communications it serves to coordinate measures
procedures. that may be necessary if the alert
level increases.
Level II: Information suggests Deployuniformed security Deploy personnel to provide
that groups previously known to patrols or law enforcement increased surveillance and
attack civil aviation may be officers (LEOs) at airports to prevent unauthorized access to
preparing actions against symbols provide surveillance, act as a checked baggage in baggage
of the U.S.; or civil disturbances deterrent, and respond as make-up areas.
with the potential to affect civil necessary to security related
aviation are likely incidents. Search for weapons and
explosives all vehicles left
Develop and implement a unattended outside of areas
schedule for increasing the controlled under FAR 107.14 and
frequency of inspections in used to transport passengers from
passenger terminals (both sterile a terminal building to a departing
and non-sterile public areas) aircraft.
Discontinue service to and secure

lockers located in non-sterile
public areas of passenger
terminals.
Increase the number and

frequency of random
identification checks on the AOA
and at controlled access points to
the secured area.
Advise Explosive Ordinance

Disposal (EOD), tactical, and/or
-9 units of the increased threat.
Level III: Information indicates a Arrange for and deploy Apply the Contingency Passenger
terrorist group or other hostile plainclothes security personnel or Profile Criteria, issued by the
entity with a known capability of LEOs for surveillance in FAA, to all originating
attacking civil aviation is likely to terminals and other locations as passengers and those passengers
carry out attacks against U.S. appropriate. transferring from air carriers not
targets; or civil disturbances with subject to this requirement. The
a direct impact on civil aviation icre available, request EOD FAA will determine the profile
have begun or are imminent 'and tactical teams to respond criteria when it receives threat
and/or utilize explosives information, and the air carrier
detection measures such as K-9 will take the following

58

MEASURES MEASURES
or electronic sniffers. countermeasures in conjunction
with this requirement.
Post signs at each ticket counter
and screening checkpoint or make PJmicallv search or screen. with_
routine public announcements an approved device specifically_
that emphasize the need for all identified in the security
passengers to closely control directive, the carry-on property of
baggage and packages to avoid those identified as selectees. and_
transporting items without their hand wand or pat down that
knowledge. person.
Inspect by x-ray, physically

search, or screen with an
approved EDS or other
appropriate device the checked
property of selectees.
Remove batteries from all

electrical and electronic devices
in the checked baggage of
selectees, and place batteries
separate from the devices except
where the air carrier screens the
baggage with an EDS or other
approved device.
Do not transport checked baggage

of a selectee unless that person
are aboard the same flight or a
verifiable tracking system
establishes the unaccompanied
baggage is a result of
circumstances beyond the
selectee's control
Level IV: Information confirms Deploy uniformed security Discontinue curbside check-in.
that terrorist organizations with patrols or LEOs at airports to
demonstrated capability are provide surveillance, act as a Screen the checked and carry-on
planning an attack against U.S. deterrent, and respond as baggage of all passengers by a
civil aviation; or, in the necessary in monitoring vehicle physical searclôf^-ray
estimation of the Asst. traffic flow to the terminal areas. inspection, or by screening with
Administrator for CAS, the an approved EDS or other device
highest level of security possible Reduce the number of operational specifically identified in the
is required to protect U.S. air access points to assist law security directive.
travelers enforcement personnel or security
patrol personnel in monitoring Physically search, inspect by x-
individuals gaining access to ray, inspect with FAA approved
sterile areas, restricted areas, and USAF certified explosives
AOA, or SID A of an airport. detection K-9, or screen with an
EDS or other approved device all
Increase random ID checks in the cargo other than items from a
SIDA by security personnel, known shipper.
airport operations personnel, or
LEO patrol. Either ensure that originating

59

MEASURES MEASURES
passenger checked baggage is not
transported unless the passenger
is aboard the same aircraft or
screen all checked baggage with
an EDS or other approved device.
Search all service personnel and

equipment permitted aboard the
airplane, other than the carrier's
direct employees).
Hand wand all personnel and

passengers immediately before
entering the aircraft (for
international points only).
SPECIAL CATEGORY: Reduce restricted area access Apply the Contingency Passenger
Countermeasures would require points to an operational minimum Profile criteria issues by the FAA,
high operational and economic in coordination with air carriers using interview techniques, to
burdens on airports and air and airport tenants. each passenger. The FAA will
carriers, and FAA would consider develop a profile criteria, if
limiting to specific threats, Limit individual access by time possible, after it receives threat
airports or flights. and date when appropriate. information.
Remove any unattended, Physically search, inspect by x-

unauthorized vehicles parked ray, inspect with FAA approved
within 300 feet of a terminal and USAF certified explosives
building where passengers load or detection K-9, or screen with an
unload, or where curbside check- EDS or other approved device all
in takes place. cargo (for cargo specific threats
only).
Inspect by x-ray, or screen with

an EDS or other approved device,
or physically search all small
package shipments.
For cargo received from new

shippers, either apply FAA
profiling criteria (with physical
search of selectee shipments),
screen with EDS or other
approved device, or (for cargo-
specific threats) reject such
shipments.
Reject all cargo shipments, with

limited exceptions (for cargo-
specific threats).
Inspect mail parcels over 16

ounces by x-ray, or an EDS or
other approved device unless
screened by USPS.

60

MEASURES MEASURES
Restrict access to boarding areas
to ticketed passengers.
Weaknesses in the System
(PENDING DECISION ON WHETHER TO TREAT THIS SECTION MORE

EXHAUSTIVELY OR PUT INTO "DISCUSSION" SECTION FOLLOWING
NARRATIVE PART II)
While the aviation security system was intended to be a multi-layered, integrated system
of protection, each of the layers had significant flaws that were recognized to varying
degrees by Congress, the FAA and the industry.
Intelligence: Although FAA's Office of Intelligence maintained liaisons with the FBI,
CIA and Department of State, the agency unsuccessfully sought access th greater 1
of raw data from the Intelligence community and perceived a "blind
intelligence that FAA officials attributed to the FBI's focus on criminal investigations
rather than intelligence gathering. (PLACEHOLDER TO CONFIRM EITHER
ADDITIONAL ANECDOTATEVIDENCE OR DOCUMENTARY EVIDENCE TO BE
SURE THIS STATEMENT IS TRUE. MAY MOVE THIS TREATMENT TO THE
"DISCUSSION SECTION" AFTER THE 9-11 NARRATIVE; PLACEHOLDER FOR
OUR ANALYSIS OF THE ICF'S TO BEAR OUT THE PAUCITY OF DOMESTIC
INFORMATION—AGAIN MAY RESERVE THIS TREATMENT FOR THE
DISCUSSION SECTION) > ;
Computer pre-screening was an inexact science that identified many individuals who
posed no particular threat to aviation as "selectees" and operated without empirical
evidence that it captured all of those who were. While the system was designed, hi part,
using hijacker profiles, it was targeted only at those who checked bags, and the
consequences of "selection" were limited to screening the selectees' baggage for
substantial risk to domestic aircraft and a confidence that the combination of checkpoint
screening and on-board emergency procedures were sufficient to counter a moribund
hijacking threat.
Checkpoint screening was the primary bulwark of the aviation security system. By
2001, however, any confidence that checkpoint screening was operating sufficiently was
belied by numerous (PLACE HOLDER: ASCERTAINING AN EXACT NUMBER OF
REPORTS) publicized studies by the General Accounting Office209 and the Department
of Transportation's Office of Inspector General210 which over the previous twenty years
u had documented systemic and chronic weaknesses in the systems deployed to screen
passengers and baggage for weapons or bombs.

61
The poor performance of checkpoint screening operations was discerned using FAA tests
designed only to evaluate the system's ability to detect prescribed "test items" used by
government auditors. The test protocols did not reflect the wide range of prohibited
weapons that the metal detectors and x-ray equipment in place were operationally
incapable of detecting nor did it account for the weapons and operational tactics that a
committed terrorist would most likely employ.
Aircraft protection and emergency procedures were the final layer of protection in the
concentric layers of aviation security. (SSI) By 2001, however, the Federal Air Marshal
program had declined to a small fraction of its strength in the 1970's, and marshals were
deployed only on high risk international flights. The domestic program withered because
of the system's confidence in checkpoint screening, the absence of hijacking events and
the cost of the program.
Federal aviation regulations required that aircrew be trained in the tactics to address in-
flight emergencies including a hijacking protocol based on cooperation. Years of
experience in dealing with "traditional," non-suicide hijacking in which the plane was
commandeered either to provide transportation or to use for bargaining purposes resulted
in a philosophy of appeasement and negotiation. Pilots and flight attendants were trained
to refrain from any attempt to overpower hijackers.211
Aviation security commentator John Nance described the hijacking protocol as follows:
with all the other whose perpetrators had not suicial intent, and thus could arguably be
THE WORLD OF SEPTEMBER 11™

A great challenge in doing a post-mortem on a catastrophic and transformational event
like the terrorist attacks of September 11,2001 is to try to recapture the reality of that
time for the people who lived it, including those in policy-making positions. Hindsight
usually confers not only enhanced understanding of the rush of past events, but, almost
inevitably in the case of an occurrence like 9/11, provides a dramatically altered
perspective. If we want to answer fully the question about the failure of the civil aviation
system on that day, we have to try to recall "the world of September 11th."
The then-Administrator of the FAA, Jane Garvey, testified on this point to the
Commission.

62
DRAFT FOR INTERNAL USE ONLY ,^f DRAFT
On September 10th, we were not a nation at war. On Septern1>£r 10th, we were a nation
bedeviled by delays, concerned about congestion, and patienMo keep moving. On
September 10th, aviation security was responsive to the_assessed threat based on
information from intelligence and law enforcement agencies... And on September 10th,
based on intelligence reporting, we saw explosive devices on aircraft as the most
dangerous threat. We were also concerned about what we now think of as traditional
hijacking, in which the hijacker seizes control of the aircraft for transportation, or in
which passengers are held as hostages to further some political agenda.213
Aviation Priorities
In the lead-up to September 11,2001, the aviation security system had been enjoying a
period of relative peace. While there was an acknowledgement of a changing and
continuing potential terrorist threat to civil aviation, those who looked at civil aviation
security prior to September 11, 2001 could observe that there had not been a hijacking or
bombing of a U.S. air carrier since 1991. Writing in 1999, aviation security expert and
former Gore Commission member Brian Jenkins observed,
Commercial aviation has long been a favorite target of terrorists, who have viewed
airliners as nationally-labeled containers of hostages in the case of hijackers, or victims in
the case of sabotage. This set off a deadly contest between terrorists and security which
has continued for the past 30 years with security gradually gaining. In the early 1970s,
more than 30 percent of international terrorist attacks were targeted against commercial
aviation; it is less than 10 percent today.214
0 On September 11, 2001, most participants and expert observers of the aviation security
system noted that: a) security for civil aviation in the United States is a daunting
challenge under any circumstances;215 b) airline travel had been and continued to be a
very safe mode of transportation,216 and c) there are other competing and compelling
interests that necessarily have been, and should be, taken into account in the making of
aviation security policy. ; v
On this last point, terrorism expert and Gore Commission member Brian Jenkins detailed
some of the factors that serve as "obstacles" to the implementation of aviation security
measures, and that "may be inevitable in a democratic process:"
Lack of consensus on the threat the highly competitive airline industry's resistance to
spending money or increasing charges to passengers, effective lobbying at the White
House and in Congress, efforts to achieve a balanced federal budget, a slow, often
cumbersome rule-making process, and fleeting focus as other issues commanded
immediate attention.217
Demand for air service was robust and beginning to outpace the capacity of the system.
Heeding calls for improved service and increased capacity, Congress focused its
legislative and oversight attention on measures to improve the capacity, efficiency and
customer service of the aviation system, including a "passenger bill of rights" mainly to
assure a more convenient and comfortable passenger experience.218

63
The FAA, as well, was centered on customer service, capacity and economic issues.
Security efforts were focused on efforts to implement a three-year old mandate to deploy
explosives detection equipment at all major airports and on attempts to complete a nearly
three year rulemaking effort to mandate certification of checkpoint screening companies,
increase screener training and impose stricter background checks on screeners and airport
employees.219
Meanwhile, profit-challenged air carriers, feeling the effects of deregulated competition,

increased fuel costs, and constrained spending by business travelers remained focused on
their tenuous financial position, and responding to the public demand for improved
customer service.
Perceived Aviation Security Threat

On the national security front, the aviation security community perceived a heightened
level of threat domestically. A security directive issued by the FAA in 1998 described
the FAA's analysis of the threat:
In recent years, the Unite4 States has become a more attractive target for terrorist
attacks... the threat posed by foreign terrorists in the United States has increased, and the
FAA believes that the threat will continue for the foreseeable future. ..Of specific concern
are individuals, groups and states hostile to the United States which continue to threaten
violence against America and American citizens in retaliation for U.S. policies. Iranian -
backed groups, such as Hizbollah, have supporters inside the United States who could be
used to support an act of terrorism here. Hizbollah is known for its suicide attacks in
Lebanon, and for some of the most sophisticated attacks against civil aviation in history.
In addition a variety of other transnational radical Islamic terrorist groups have a
presence in the United States. Among those are loosely affiliated extremists who operate
outside the tight structures, centralized manner of traditional groups.. .The amorphous, ad
hoc nature of these elements poses a new challenge to law enforcement in identifying,
prediction, and interdicting their activities. The individuals responsible" for the bombing
of the World Trade Center and those of convicted of the plan to attack several U.S. Air
Carriers in East Asia in early 1995 are examples of the threat posed by loosely-affiliated
terrorists. .Civil aviation has been a prominent target for these and other transnational
terrorists. In the past several years, information has been received that individuals in the
United States associated with loosely-affiliated extremists have discussed targeting
commercial aircraft and civil aviation facilities T.nngply-affiliateH extremists have also
shown a particular interest in media reporting regarding airline and airport security. Civil
aviation is not the only possible target for terrorists operating in the United States and it
may not even be the most likely one, but it remains a current target in the terrorist
inventory... as such a terrorist attack in the United States could occur with little or no
warning.
Ironically, this language accompanied an FAA Security Directive that, in part,

implemented the automated pre-screening system (CAPPS I) which lowered the level of
personal and carry-onscregning that "pre-screening selectees" were required to receive.

64
In this context, the FAA was aware of the increased chatter being picked up by U.S.
intelligence agencies and the community's growing nervousness during the summer of
2001 that terrorist attacks were in the offing.
The conviction of Ahmed Ressam for a plot to bomb the Los Angeles International
Airport during the millennium and of the 1998 U.S. embassy bombings in Africa,
heightened fears that Islamic radicals would seek retribution against U.S. targets.
g iimr" pr i gnH '"^"ifri, °irir* (???) the domestic aviation system was
operatingfiTSecuritvAlert Level III. jThis level indicated. . . .and
required. . .(PLACEHOLDER: ADD AVSEC INFORMATION.)
While security analysts at FAA saw an increasing terrorist threat to U.S. civil aviation,
the nature of that threat was considered to be against U.S. carriers operating overseas. To
the extent that a domestic U.S. threat was perceived, it was considered to be most likely
in the form of a non-suicide bombing.
Though civil aviation security authorities at the FAA received a steady stream of data
from the intelligence community throughout the year leading up to September 11, 2001,
an in-depth study of the FAA's Intelligence Case^Files, Intelligence Notes, security
briefing documents, and supporting files, as well as interviews with key FAA intelligence
and civil aviation security officials produced no documentation or other evidence tn
o .«aiggest that the FA A possessed intelligent prior tr> gpptftmlvr 1 1 J 7001 tW q plot tr>
hijack commercial aviation and use them as weapons of mass destruction was in the
offing.
Nevertheless, the possibility of a suicide hijacking occurring in the United States was at
least considered within the realm of possibility by civil aviation security authorities.
Prior to September 11, 2001, the FAA produced a CD- ROM presentation for air carrier
and airport authorities describing the increased threat to civil aviation. The presentation
cited the possibility of suicide hijacking but stated "fortunately, we have no indication
that any group is currently thinking in that direction." 221
Moreover the FAA was aware of previous threats to conduct suicide hijacking or use
aircraft as a weapon of mass destruction both domestically and overseas. Numerous
FAA documents, including agency account* published in th? FHml PLggiBt°r, wurity
directives to air carriers and airports, and intelligence filpg pmrlnrpH hy th>.
Office of Civil Aviation Intelligence clearly expryssf* tv»» F A A »g
terrorist groups were active in the United States and maintained a historic interest in
targeting aviation.
In addition, FAA security authorities were aware of Usama Bin Laden's declaration of
war against the United States in 1996 and 1998 and understood that this threat could have
ramifications for civil aviation security.

65
As of September 11, 2001 eight FAA security directives, requiring air carriers and
airports to take specific safety precautions, were in effect (seven were issued during the
course of 2001 and one dated back to 2000).
None specifically referenced the Al Qaeda organization, the 9-11 hijackers, or a threat to
hijack a plane and use it as a guided missile. A Security Directive issued April 24,2000
did issue an alert regarding Al Qaeda operatives including Khalid Shaikh Mohammed,
(who the FBI identifies as the main planner of the 9/11 attack) and five other individuals
associated with Ramzi Ahmed Yousef and the 1995 Bojinka plot. (PLACEHOLDER:
CHECK TO SEE IF LIST INCLUDED Al QAEDA MEMBERS; SEE WHAT WAS
BEHIND THE MARCH 22 SD).222 FAA issued another SD on August 28,2001 Security
Directive warning airports and air carriers about nine individuals who should receive
extra security screening^ including physical search. At least six of the nine carried
Pakistani passports. (PLACEHOLDER: SEE WHAT WAS BEHIND THIS SD AND
223
IF THE PEOPLE ARE KNOWN AL QAEDA).~~
Thirty-three FAA Information Circulars (IC's) alerting air carriers and airports to
aviation security concerns had been issued dating back to 1993 and remained in effect as
224
of September 11, 2001.""
Among the eight IC's issued in 2001 was a July 31 circular alerting the aviation
community to "reports of possible near-term terrorist operations.,..particularly on the
Arabian Peninsula and/or Israel." The circular stated that the FAA had no credible
evidence of specific plans to attack U.S. civil aviation interests, "Nevertheless, some of
/ the currently active groups are known to plan and train for hijackings and have the
•) capability to construct sophisticated FED's concealed inside luggage and consumer-
products. The FAA encourages all U.S. Carriers to exercise prudence and demonstrate a
high degree of aler
Interviews with air carrier officials indicated that... (PLACEHOLDER: PENDING

INTERVIEWS WITH AIRLINES; HOW DID THEY RESPOND TO THIS CALL
TO BE PRUDENT AND ALERT)
While the 1C seemed to focus attention on an overseas attack, the FAA issued a Security
Directive on July 27.2001 cautioning the aviation community about the use of fake
credentials to penetrate secure areas at facilities overseas. The Directive stated, "...one
can be certain that terrorists who might be contemplating an attack against civil aviation
in thrUSted States have taken note of the attractiveness of this modus operandi."226
Of theJC's issued in 2000 that were still in effect on September 11,2001, six raised
warnings associated with the activities and threats of Usama Bin Laden.
(PLACEHOLDER: PENDING LOOK AT THE DAILY INTELL SUMMARY

AND SOME OF THE RAW DATA RECEIVED BY ACI; SEE WHAT
PROMPTED THE JULY 311C AND WHAT CREDIBLE MEANS AND WHY
THE FOCUS ON THE ARABIAN PENINSULA; SEE WHAT ATA; AAL; UAL

66
DID TO EXERCISE PRUDENCE AND DEMONSTRATE A HIGH DEGREE OF

ALERTNESS)
Intelligence was the first line of defense against terrorist attack upon aviation, and the
FAA perceived significant shortcomings in the intelligence system even before
September 11th. The head of FAA's civil aviation intelligence office and other
commission interviewees described frustration with the level of access to intelligence
information produced by the Intelligence Community, particularly the CIA and the FBI,
and with the dearth of intelligence on the domestic threat.227
One FAA official testified to the Commission that a "blind spot" in domestic intelligence
was the result of the FBI's focus on criminal investigations rather than intelligence
gathering. The interviewee stated that the FAA's complaint to the Intelligence
Community was that "you can tell us what's happening on a street in Kabul, but you
can't tell us what's going on in Atlanta." FAA officials cited efforts to obtain greater
levels of intelligence from the Intelligence Community, including an offer to provide
additional analysts in exchange for greater access to raw intelligence, were rebuffed by
senior leadership at the CIA.
In the absence of intelligence to uncover and interdict a terrorist plot in the planning
stages or prior to the perpetrator gaming access to the aircraft, it would be up to the other
layers of aviation security to counter the threat.
Prescreening
The first layer in this process was the CAPPS I program or the computer-assisted
passenger pre-screening program. Prior to 1998 the pre-screening system was
implemented manually by air carrier counter personnel who applied criteria approved by
the FAA to identify individuals who may pose more than a "minimal risk" to the aircraft.
The criteria did not include an individual's race, creed, religion or national origin.
'
Those who met the criteria referred to as "selectees" were subject to additional security
screening of their person, carry-on items and checked baggage. FAA automated the
selection system with CAPS beginning in 1998. Under this program an algorithm of
factors and weights was used to assign a score that would identify "selectees." This was
perceived as fairer and more accurate than manual determinations.
While the profile characteristics used by the computerized algorithm were based on both
a hijacker and bomber profile, th<» FA A issnt-iH p nite stipulating that only peopje
checking bags could be designated as "selectees" and that the consequences of
"selection" would tn nf th<> individual's checked baggage for
! ) substantial risk to domestic aircraft and a confidence that the combination of checkpoint
FOR INTERNAL USE ONLY DRAFT

67
screening and on-board emergency procedures were sufficient to counter the hijacking
threat.22f
Checkpoint screening
In fact, the commission received testimony that one of the primary reasons that the
consequences for "selection" were restricted, was the perception that checkpoint
screening was being effective, and that the FAA did not want screening personnel to
focus on "selectees" at the expense of examining passengers who were not selected by
CAPPS.229
As of 2001 any confidence that checkpoint screening was operating sufficiently was
belied by numerous publicized studies by the General Accounting Office230 and the
Department of Transportation's Office of Inspector General231 which over the previous
twenty years had documented systemic and chronic weaknesses in the systems deployed
to screen passengers and baggage for weapons or bombs.
FAA regulations required certified air carriers "to conduct screening...to prevent or deter
the carriage aboard airplanes.of any explosive, incendiary, or a deadly or dangerous
weapon on or about each individual's person or accessible property, and the carriage of
any explosive or incendiary in check baggage."232 The screening systems were designed
to detect firearms and large knives. Knives fewer than four inches in length were not
prohibited.
Even the FAA's own testing of the system demonstrated consistently poor rates of
identifying weapons and other prohibited items by checkpoint screerters. Many of the
government reports cited low pay, insufficient training and high-turnover rates that
reached nearly 400% among screeners at the nation's airports.23:3
The poor performance of checkpoint screening operations was discerned through tests
designed only to evaluate the system's ability to detect certain test items used by
government auditors. The tests did not reflect the range of weapons that the equipment in
place was simply unable to detect nor the tactics that a committed terrorist would most
likely employ.
In its final rulemaking action of July 17,2001, which aimed at updating the basic security
requirements for airlines and airports, the FAA itself noted that, "publicity about
problems with U.S. domestic civil aviation security measures increases the potential for
attack here."234
Despite the shortcomings in the system, the fact that neither a hijacking nor a bombing
had occurred domestically in quite sometime was perceived by many within the system
as confirmation that it was working.235 This in part explains the view of the Department
of Transportation's chief of intelligence and security who testified to the commission that
"we thought we'd won" the battle against hijacking.236

68
Accordingly, most of the FAA's emphasis and resources were focused on the continuing
effort to deploy explosives detection systems to screen checked bags, and where such
equipment was unavailable to assure that no bags were loaded on an aircraft without a
corresponding passenger on board. The practice of "Positive Passenger Bag Match" or
PPBM was designed to stop a non-suicide bomber from introducing an explosive into the
aircraft.
Aircraft Protection
Under the "layered" approach to aviation security, should a terrorist or criminal

successfully defeat checkpoint screening, the back-up line of defense was on-board
protection of the aircraft. Predominantly this vector included a Federal Air Marshal
program that placed trained law enforcement personnel aboard U.S. flagged aircraft, and
aircrew procedures for addressing in-flight emergencies.
By 2001 the Federal Air Marshal program had declined to a small fraction of its strength
in the 1970's, and marshals were deployed only to international flights.237 Flight crews
were required to receive training in an FAA-approved "common strategy" for addressing
in-flight emergencies including hijacking. Years of experience in dealing with
"traditional," non-suicide hijacking in which the plane was commandeered for
transportation or negotiation, produced procedures that included explicitly training flight
crews to refrain from any attempt to overpower hijackers.238
1
•*' Aviation security commentator John Nance described the hijacking protocol as follows:
with all the other whose perpetrators had not suicidal intent, and thus could arguably be
While flight standard rules implemented in the 1960's required that air crew keep the
cockpit door closed and locked in-flight. This rule, however, was neither observed by
flight crew, nor enforced by the Federal Aviation Administration. (PLACEHOLDER:
PRO VE)E MORE ON THIS)
On September 1 1, 200Ltbe-ehallenges for would-be hijackers of domestic flights of U.S.

civil aviation air camereJioilfid-tojiypiding prior notice by the American intelligence and
law enforcement communities, and employing weapons and tactics capable of defeating
the screening and aircraft defense systems then in place. A review of publicly available
literature and/or the use of "test runs" would likely have improved the odds of
accomplishing the latter.
July 2001 Rulemaking
Many of the challenges facing the civil aviation security system were well illustrated by
the final rule revising Federal Aviation Regulation, Part 108, through which the FAA set
the security framework for the airlines. That particular rulemaking began in August of

69
1997, but the final rule was not promulgated until almost four years later, on July 17,
2001, with an effective date of November 14, 2001.
Based on a threat assessment that estimated the potential threat to domestic civil aviation
to be "equivalent to some portion" of the Bojinka plot ("12.. .explosions.. .that involve
the loss of an entire aircraft and incur a large number of fatalities"),240 the rule sought to
make improvements in a number of areas including FAA inspection authority and
compliance enforcement, training requirements for certain security personnel, and the
issuance of Security Directives. In addition, as was often the case, over the course of the
rulemaking process, certain FAA proposals were dropped in response to comments
received from the interested public.
• The FAA had proposed to prohibit persons "from carrying a deadly or dangerous
weapon, explosive, or incendiary" but was dropped in the final rule because, "the
FAA has determined that airport operators.. .are able to handle such occurrences
through their local laws that control the presence of weapons and other deadly
items on airport property.. .While the FAA will not take action at this time, it will
continue to assess the need for any future comprehensive security enhancements
regarding weapons and other destructive substances that may be detrimental to the
flying public."
FAA had initially included an accountability compliance element for air carriers,
including penalties. In response to the original proposal, comments were received
as follows: "The UPS, the Denver Airport and ATA agree that individuals should
be held accountable, but strongly object to delegating enforcement authority to the
ah" carrier." In the final rule, the compliance program was deleted, while the
comment period on the proposal was reopened, and the FAA indicated that "the
omission of security compliance programs from the final rule does not stop an
aircraft operator from voluntarily adopting a compliance program at any time."
Lastly, the FAA had proposed that the air carrier be required to "detect and
prevent" the carrying of explosives or dangerous weapons onto an aircraft or into
a secure area. Comments received included: "Alaska Airlines, FedEx, UPS,
United Express, CAA, RAA and ATA state that the air carrier cannot "detect"
introduction of deadly or dangerous items 100% of the time; they believe that
"deter" should be substituted for "detect" In the final rule, "the FAA has decided
to accept the commenters' suggestion so the language.. .remains "prevent or
jleter."_ Both phrases adequately reflect the overall intent that aircraft operators
must use the measures in their security programs to keep deadly or dangerous
weapons, explosives or incendiaries off the aircraft and out of the sterile area."241
While the FAA perhaps saw little distinction in this last change, the airlines viewed
things somewhat differently. In testimony to the Commission, the current head of the
airlines' Air Transport Association indicated that, "This fpre-9/11 aviation security!
system was specifically design^ ar.cnrHing tr> statute actiiqllv. as a "prevent or deter"
9 system and was not a more

70
Conclusion
(PLACEHOLDER FOR CONCLUSION INCLUDING THE ELEMENTS BELOW)
The President's Commission on Aviation Security and Terrorism 1990 report finding that
the FAA was "a reactive agency - preoccupied with responses to events to the exclusion
of adequate contingency planning in anticipation of future threats" continued to hold true
through 9/11/01 and in the immediate response to that disaster. Furthermore this reactive
nature was present not just at the FAA but throughout the entire civil aviation security
system, including the air carriers, the airports and Congress. In addition, this feature was
built into the very nature of the system - which was driven by either cumbersome and
time consuming rulemaking which could be hastened only in the aftermath of disasters or
event-driven Security Directives.
The public's own "threat assessment" was generally sanguine with respect to commercial
aviation safety and security in the period leading up to 9/11. hi an ABC Poll taken just
after the 1999 EgyptAir crash off the East Coast of the United States, 58% of the
respondents indicated their belief that flying was safer than driving, while 39% chose
driving as the safer. In a Fox News/Opinion Dynamics survey conducted during the
same period, fully 78% cited poor maintenance as "a greater threat to airline safety" than
terrorism, while just 15% selected terrorism as the principal threat.243
D With such perceptions - and realities - and with a security system that was largely paid
for and carried out by an industry which was still struggling economically, it is perhaps
somewhat easier to understand some of the constraints operating on the aviation security
system on September 11, 2001. But, as observed previously, even under such limitations
and even with a pre-9/11 mindset, the system's flaws were well-known.
As DOT Inspector General Kenneth Mead testified to the Commission:
I think that the system we had in place before September 11th had in fact undergone
incremental improvements over the years, especially in the last five or six, and I believe
in fact provided a deterrent value for certain types of threat. Overall, though, the model
on which the system was based did not work very well, and there were significant
weaknesses in the protections it provided, even for the types of threats the system was
designed to prevent.244
On September 11,2001, the prescreening of civil aviation passengers in the United States
was solely designed to prevent individuals from placing explosives in their checked
baggage. The screening checkpoints were, geared to preventing the carrying on board an
airliner of weapons with a metal content equal to or greater than a small handgun. Any
items with a lesser metal content, say box cutters or short-bladed knives, would not have
been detected, barring an effective physical search by a security screening workforce
whose performance difficulties had been publicly documented by the General Accounting
Office and others for over a decade.
Q
71
In the event such a weapon were discovered, security checkpoint rules in effect at that
time would have caused the box cutters to be placed in checked baggage, while short-
bladed knives would have been permitted to be carried into the passenger cabin. Once
onboard, a would-be hijacker would have been confronted with flight crew tactics which
were designed to avoid attempts to overpower the hijackers and which did not address the
possibility of suicidal intent.
And all of these design features were, at least to some degree, knowable to interested
parties via a review of the public record and/or carefully planned "test-runs."
Determined, highly motivated individuals who were largely immune to whatever
"deterrent" value was possessed by the civil aviation security system, who escaped notice
in FAA Security Directives (which essentially supplied the pre-9/11 "no fly" lists for the
air carriers), who used weapons with a metal content less than a small handgun, and who
did not conform to the traditional, non-suicide hijacking paradigm were likely to be
successful in hijacking an aircraft.
1 Civil Aviation Security Reference Handbook, May 1999, Appendix D, p. 1 [SSI]

2 U.S. Centennial of Flight Commission, "The Federal Aviation Administration and Its Predecessor
Agencies," http://www.centennialofflight.gov/essaY/Government Role/FAA Historv/POLS.htm)
3 Federal Aviation Act of 1958; Public Law 85-726; 72 Stat. 737; 49 U.S.C. App. 1301 et. seq.
"14CFR108.9
5 Including, among others, Aviation Security: Additional Actions Needed to Meet Domestic and
International Challenges (GAO/RCED-94-38, January 27, 1994); Aviation Security: Urgent Issues Need to
Be Addressed (GAO/T-RCED/NSIAD-96-251, September 11,1996); Aviation Security: Slow Progress in
Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16,2000); and
Aviation Security: Long-standing Problems Impair Airport Screener-s' Performance (GAO/RCED-00-75,
June 28, 2000
6 Including Audit Report on Deployment of Explosives Detection Systems, October 5,1998 (AV-1999-
001); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation,
before House Subcommittee on Aviation, May 14,1998 (AV-1998-134); Statement on Aviation Security
by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on
Aviation, March 10,1999 (AV-1999-068); and Statement on Aviation Security by Alexis Stefani, Deputy
Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6,2000 (AV-2000-
°76).
7 Security Sensitive Information (SSI)
8 Air Carrier Standard Security Program, 6/28/99, Appendix XIH.4.b(2), pp. 7-8. [SSI]
9 John Nance, Denial of Access: Hardening our Defenses Against Terrorist Manipulation of Commercial
Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28,2001, p. 1.
10 Federal Aviation Administration, 2001 CD-ROM Terrorism Threat Presentation to Aviation Security
Personnel at Airports and Air Carriers, Slide 24. [SSI]
11 Federal Register, July 17,2001, p. 37331.
12 Testimony of James C. May, Chairman and CEO, Air Transport Association of America, to National
Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22,
2003
13 Security Sensitive Information (SSI)
15 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus
Books, 2003), p. 140.
16
17
18 Air Transport Association, Airlines in Crisis: The Perfect Economic Storm, May 2003, pp. 9,25.

72
19 U.S. Statutes at Large, 69th Congress, 1925-1927, Vol. 44 Part II, USGPO, 1927, pg 569.
20 U.S. Centennial of Flight Commission, "Aviation Security,"
http://www.centennialofflight.gov/essav/Government Role/security/POLl 8.htm)
21 Aviation Terrorism and Security, Wilkinson and Jenkins, p. 10.
22 Civil Aviation Security Reference Handbook, May 1999, p.2 [SSI]
23 President's Commission on Aviation Security and Terrorism, Report to the President, Washington, DC,
May 15, 1990, p. 160.
24 Rochester, Stuart I., Takeoff at Mid-Century: Federal Civil Aviation Policy in the Eisenhower Years
1953-1961, U.S. Department of Transportation, Federal Aviation Administration, Washington, DC, 1976,
pp. 262-263.
U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on
Civil Aviation Security Responsibilities and Funding, 1998, p. 19.
26 Alexander T. Wells, Commercial Aviation Safety, third edition, 2001
27 FAA Historical Chronology, 1926-1996, www.faa.gov
29 29 FAA Historical Chronology, 1926-1996, www.faa.gov
31 Civil Aviation Security Reference Handbook, May 1999, p. 2 [SSI]
32 Civil Aviation Security Reference Handbook, May 1999, p. 2.[SSI]
35 CMl Aviation Security Reference Handbook, May 1999, p. 2 [SSI]
36 CMl Aviation Security Reference Handbook, May 1999, p. 79. [SSI]
37 Kent, Richard J., Jr., Safe, Separated and Soaring: A History of Federal CMl Aviation Policy 1961-1972,
U.S. Department of Transportation, Federal Aviation Administration, Washington, DC, 1980, p. 338.
38 CMl Aviation Security Reference Handbook, May 1999, Appendix D, p. 3. [SSI]
39 U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on
41 Testimony of Paul Busick to Senate Committee on Governmental Affairs, Hearing on "Weak Links:
How Should the Federal Government Manage Airline Passenger and Baggage Screening?" September 25,
2001, S. Hrg. 107-208, p. 110; and CMl Aviation Security Reference Handbook, May 1999, Appendix D, p.
3 [SSI] /'. ;>
42 Congressional Quarterly, 1974 CQ Almanac, pp. 275-276
43 CMl Aviation Security Reference Handbook, May 1999, pp. 14,41 [SSI]
46 U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on
48 Rodney Wallis, "The Role of the International Aviation Organisations in Enhancing Security," in
Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass
Publishers, 1999), pp. 87-88..
51 CMl Aviation Security Reference Handbook, May 1999, Appendix D, p. 5 [SSI]
52 CMl Aviation Security Reference Handbook, May'l 999, p. 2 [SSI]
53 CMl Aviation Security Reference Handbook, May 1999, Appendix D, pp. 8-12 [SSI]
54 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 303.
55 See attached indictment of Libyan terrorist convicted in the bombing, and the attached press story about
the incident.
56 See Criminal Acts Against Aviation report, and testimony by Paul Bremer before House Foreign
Relations Committee on February 9, 1989.
58 See floor statement by Sen. Robert Dole

73
59

61 See attached copy of the executive order, press accounts, and statements by Sen. Robert Dole.
62 Report of the President's Commission on Aviation Security and Terrorism, Washington, D.C., 1990, p. i
63 See attached list of Commission recommendations; copy of PL 204-604;
64 See copy of 104-604, and cross reference to commission recommendations.
65 Federal Aviation Administration, Criminal Acts Against Civil Aviation 1996, pp. 50-52,56-57.
66 Daniel Benjamin and Steven Simon, The Age of Sacred Terror (New York: Random House, 2002), pp.
20-26.
67 Interview of Patrick McDonnell, September 24, 2003.
Books, 2003), note 10, p. 248.
69 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997
70 Letter from Claudio Manno to Joint Inquiry Chairs and Vice-Chairs, February 4, 2003, response to
Question 12. [SSI]
71 Letter from Claudio Manno to Joint Inquiry Chairs and Vice-Chairs, February 4, 2003, response to
Question 12. [SSI]
72 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the
Baseline Working Group, December 12, 1996.
76 Baseline Working Group, Domestic Security Baseline Final Report, Washington, DC, December 12,
1996, Appendix A, p. 1. [SSI]; and U.S. Department of Transportation, Federal Aviation Administration,
Study and Report to Congress on Civil Aviation Security Responsibilities and Funding, 1998, p. 47.
77 Executive Order 13015, August 22, 1996, FR Doc. 96-21996
79 White House Commission on Aviation Safety and Security DOT Status Report, February 1998; White
House Commission on Aviation Safety and Security DOT Status Report, February 1999; White House
Commission on Aviation Safety and Security Status of Implementation of Recommendations: Public
Version, October 2000.
80 Appendix I, "Commissioner Cummock Dissent Letter," in Final Report of the White House Commission
on Aviation Safety and Security, Washington, D.C., 1997
81 NOTE: This point partially addresses Ae 9/11 Families' question: Why were timelines scrapped from the
Gore Commission recommendations?
82 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997;
White House Commission on Aviation Safety and Security DOT Status Report February 1998; White House
Commission on Aviation Safety and Security February 1999; White House Commission on Aviation Safety
and Security Status of Implementation of Recommendations October 2000: Public Version.
83 Federal Aviation Reauthorization Act of 1996; Public Law 104-264; 110 Stat. 3213
84 Airport Security Improvement Act of 2000; P.L. 106-528; 114 Stat. 2521
86 Conference Report to accompany HR 3539, Federal Aviation Reauthorization Act of 1996, H. Report
104-848, p. 92
87 Jane Garvey Testimony to the Senate Committee on Commerce, Science and Transportation,
Confirmation Hearing, June 24,1997, p.59.
88 Testimony of Kenneth Mead, Inspector General of DOT, to National Commission on Terrorist Attacks
Upon the United States at Hearing on Civil Aviation Security, May 22,2003; and Andrew R. Thomas,
Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 44.
90 Final Report of the White House Commission on Aviation Safety and Security, Washington, DC, 1997.

74
91 Steven Brill, After: How America Confronted the September 12 Era, (New York: Simon & Schuster,
2003), p. 31
92 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), pp.
302-303.
93 National Research Council, Making the Nation Safer: The Role of Science and Technology in Countering
Terrorism (Washington, DC: The National Academies Press, 2002), p. 219.
Agencies," http://www.centennialofflight.gov/essay/Government_Role/FAAHistory/POLS.htm
95 Remarks of Carol B. Hallett, President, Air Transport Association, to the ALPA Safety Forum,
Washington, DC, August 16, 2001
96 Interview of Cathal "Irish" Flynn, September 9,2003.
97 PBS NewsHour with Jim Lehrer, July 25, 1996.
98 Civil Aviation Security Reference Handbook, May 1999, p. 119. [SSI]
Books, 2003), p. 115.
100 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 308
101 Report of the President's Commission on Aviation Security and Terrorism, Washington, DC, 1990, p. i.
102
103 Letter from Susan O. Rork, Managing Director - Security, Air Transport Association, to Admiral Cathal
Flynn, Associate Administrator for Civil Aviation Security, FAA, May 23, 1997. [SSI]
104
105 Title 49 USC Chapter 449 Subitle VII Part A subpart iii Section 44903 (b)
106 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 307
and Legal Information, US Code Collection, http://www4.law.cornell.edu/uscode/49/
107 Legal Information Institute, US Code Collection, http://www4.law.cornell.edu/uscode/49/40101.html
10814 CFR yy. ^ Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-
Hill, 2001), pp. 220-223.
^«*Uit*^ 109 Steven Brill, After: How America Confronted the September 12 Era, (New York: Simon & Schuster,
2003), p. 63.
' 10 NOTE: This point partially addresses the 9/11 Families' question: Were box cutters prohibited items or
not?
220-221. ?• .£
113 Testimony of Mike Canavan, former FAA Associate Administrator for Civil Aviation Security, to
National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security,
May 23, 2003.
114 NOTE: This point partially addresses the 9/11 Families question: Why did screening contractors pay 10
cents on the dollar for fines imposed on them for violations?
115 Testimony of Mary Schiavo, former Inspector General of the department of Transportation, to National
2003.
us NOTE: This point partially addresses the 9/11 Families question: Why did screening contractors pay 10
cents on the dollar for fines imposed on them for violations?
118 Interview of Bruce Butterworth, September 29,2003.
119
120
305-306; and Legal Information Institute, US Code Collection,
http://www4.law.cornell.edu/uscode/49/44931 -44934.html)
122 Civil Aviation Security Reference Handbook, May 1999, pp. 64-68. [SSI]
'\3 Civil Aviation Security Reference Handbook, May 1999, pp. 68-73. [SSI]
" 124 Civil Aviation Security Reference Handbook, May 1999, pp. 74-76. [SSI]
125 Civil Aviation Security Reference Handbook, May 1999, pp. 82. [SSI]

75
Books, 2003), pp. 57-58.
129 Federal Aviation Administration, Aviation Security 1950-2000 (internal document), pp. 27-28.
Agencies," http://www.centennialofflight.gov/essav/Govemment_Role/FAAHistorv/POLS.htm)
Books, 2003), p. 42.
132 Federal Aviation Act of 1958; Public Law 85-726; 72 Stat. 737; 49 U.S.C. App. 1301 et. seq.
133 Mary Schiavo, Flying Blind, Flying Safe (Avon Books, 1997), p. 51.
134 Federal Aviation Administration, FAA Historical Chronology, 1926-1998, www.faa.gov
'35http://thomas.loc.gov/cgi-bin/auerv/F?rl04:3:./temD/~rl04MKlDXY:e95670
136 Conference Report to accompany HR 3539, Federal Aviation Reauthorization Act of 1996, H. Report
104-848, p. 92.
137 Legal Information Institute, US Code Collection, http://www4.law.cornell.edu/uscode/49/40101 .html
138 Testimony of Kenneth Mead, Inspector General of DOT, to National Commission on Terrorist Attacks
Upon the United States at Hearing on Civil Aviation Security, May 22,2003
139 14 CFR Part 108, 1-01-01 Edition
140 Federal Register, July 17,2001, p. 37335.
141 Air Carrier Standard Security Program, 6/28/99, p.10. [SSI]
142 Testimony of Robert W. Baker, Vice Chairman of American Airlines, to Senate Committee on
Governmental Affairs Hearing on "Weak Links: How Should the Federal Government Manage Airline
Passenger and Baggage Screening?" S. Hearing 107-208, September 25,2001, pp. 107-108.
143 Testimony of Gerald L. Dillingham, General Accounting Office, to Senate Aviation Subcommittee of
the Committee on Commerce, Science and Transportation at Hearing on Vulnerabilities in Aviation
Security System, April 6,2000
144 Air Carrier Standard Security Program, Appendix I [SSI]
145 NOTE: This point partially addresses the 9/11 Families' questions: Were box cutters prohibited items or
not? And on the status of mace and pepper spray.
2003 r -V
147 NOTE: This point partially addresses the 9/11 Families' question: Were box cutters prohibited items or
not?
148 Checkpoint Operations Guide, Revision 007, September 10,2001, pp. 5-6 through 5-9 [SSI]
149 NOTE: This point partially addresses the 9/11 Families' questions: Were box cutters prohibited items or
not? And on the status of mace and pepper spray.
150 Air Carrier Standard Security Program, Section V, Change 56, 5/1/2000, pp. 50-54. [SSI]
151 Air Carrier Standard Security Program, Section VI, Change 38,2/1/94, pp. 60-62. [SSI]
152 Testimony of Kenneth Mead, Inspector General, US Department of Transportation, to Senate
Committee on Governmental Affairs at Hearing on Weak Links: How Should the Federal Government
Manage Airline Passenger and Baggage Screening, September 25,2001, S. Hrg. 107-208, p. 80.
153 Testimony of Jane Garvey, former FAA Administrator, to National Commission on Terrorist Attacks
Upon the United States, at Hearing on Civil Aviation Security, May 22,2003
15 NOTE: This point partially addresses the 9/11 Families' question: What tactics did pilots learn to
respond to hijackers? Were these tactics followed?
155 Air Carrier Standard Security Program, Change 56, 5/1/2000 [SSI]
"6 NOTE: This point partially addresses the 9/11 Families' question: What tactics did pilots learn to
respond to hijackers? Were these tactics followed?
159 Interview of Admiral James Underwood, September 17,2003.

76
164 Letter from James C. May, President and CEO, Air Transport Association, to National Commission on
Terrorist Attacks Upon the United States, August 18, 2003, pp. 8-9.
165 Air Transport Association, Annual Report, 1998.
166 Air Transport Association, Airlines in Crisis: The Perfect Economic Storm, May 2003, p. 9.
Books, 2003), p. 94.
169 On 9/11/01, the governing authority was 14 CFR Part 107,1-01-01 Edition.
171 Civil Aviation Security Reference Handbook, May 1999, pp. 119-120, 125. [SSI]
the Committee on Commerce, Science and Transportation at Hearing on Weaknesses in Airport Security
and Options for Assigning Screening Responsibilities, September 21,2001.
176 Testimony of Kenneth Mead, Inspector General, Department of Transportation, to Senate Committee on
Governmental Affairs at Hearing on Weak Links: How Should the Federal Government Manage Airline
Passenger and Baggage Screening, September 25, 2001, S. Hrg. 107-208, p. 80.
177 Executive Order 12333 issued by President Ronald Reagan on December 4, 1981
178
179
ISO
in
182
183 Derived from a search of the Congressional Daily Digest and a word search of the Congressional Record
using the search words "aviation security."
184 Search of the Congressional record using the search words "aviation security."
185 GAOinfo....TBD
186 CRS memo on funding. : T
187 See House Rpt 106-622.
188 Report of the President's Commission on Aviation Security and Terrorism, Washington, D.C., 1990, p.
4189 0 . . . :. . • . - ' .
190
191 '
192
193
194
195 [SSI]
196Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation
Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), p. 106.
197 Final Report of the White Commission on Aviation Safety and Security, Washington, DC, 1997.
198 14 CFR 108.9
199 [SSFJ
200
201
202
203
204 [SECRET]
U 205 Chronology; www.faa.gov
206 Letter from ATA to the Commission dated (See May letter).

77
207 Air Carrier Standard Security Program, Appendix XV, Change 39, 3/15/94, pp. 1-9 [SSI]
208 Air Carrier Standard Security Program, Appendix XV, Change 39, 3/15/94, pp. 1-9 [SSI]
Be Addressed (GAO/T-RCED/NSIAD-96-25 1 , September 11,1 996); Aviation Security: Slow Progress in
Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16, 2000); and
Aviation Security: Long-standing Problems Impair Airport Screeners ' Performance (GAO/RCED-00-75,
June 28, 2000
210 Including Audit Report on Deployment of Explosives Detection Systems, October 5, 1998 (AV-1999-
before House Subcommittee on Aviation, May 14, 1998 (AV-1998-134); Statement on Aviation Security
Aviation, March 10, 1999 (AV-l 999-068); and Statement on Aviation Security by Alexis Stefani, Deputy
Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6, 2000 (AV-2000-
076).
21 ' Air Carrier Standard Security Program, 6/28/99, Appendix XIII.4.b(2), pp. 7-8. [SSI]
Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28, 2001 , p. 1 .
213 Testimony of Jane Garvey, former FAA Administrator, to National Commission on Terrorist Attacks
Upon the United States at Hearing on Civil Aviation Security, May 22, 2003.
21 Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation
Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), p. 104.
the Committee on Commerce, Science and Transportation at Hearing on Vulnerabilities in Aviation
Security System, April 6, 2000
Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), pp. 104,108.
Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), pp. 1 10-1 11.
218
219
220 FAA Security Directive 97-0 1C issued on May 26th, 1998 ;

221 Federal Aviation Administration, 2007 CD-ROM Terrorism Threat Presentation to Aviation Security
Personnel at Airports and Air Carriers, Slide 24. [SSI]
222 [SSI]
223 See Security Directives as submitted by the FAA in Commission document request
224 See the Information Circulars as submitted by the FAA in Commission document request
Interview of Claudio Manno, October 1, 2003; and Interview of Patrick McDonnell, September 24,
2003.
228
229
Be Addressed (GAO/T-RCED/NSIAD-96-25 1 , September 11,1996); Aviation Security: Slow Progress in
Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16, 2000); and
Aviation Security: Long-standing Problems Impair Airport Screeners ' Performance (GAO/RCED-00-75,
June 28, 2000
231 Including Audit Report on Deployment of Explosives Detection Systems, October 5, 1998 (AV-1999-
before House Subcommittee on Aviation, May 14, 1998 (AV-1998-134); Statement on Aviation Security
Aviation, March 10, 1999 (AV-l 999-068); and Statement on Aviation Security by Alexis Stefani, Deputy

78
Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6, 2000 (AV-2000-
076).
232 14CFR108.9
233
234 Federal Register, July 17, 2001, p. 37331.

2003
236 Interview of James Underwood, September 17, 2003.
237 [SSI]
238 Air Carrier Standard Security Program, 6/28/99, Appendix XIII.4.b(2), pp. 7-8. [SSI]
Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28, 2001, p. 1.
240 Federal Register, July 17,2001, p. 37352
241 Federal Register, July 17, 2001, pp. 37335-37336, 37339,37340-37341.
242 Testimony of James C. May, President and CEO, Air Transport Association of America, to National
2003
243 ABC News Poll by TNS Intersearch, November 1999, N=l,024, MoE +,- 3%: "Which do you feel is
safer: flying in a commercial airplane or driving in a car?" Flying 58%, Driving 39%, No Opinion 8%; and
Fox News/Opinion Dynamics Poll, Nov. 3-4,1999, N=900, MoE +,- 3%: "Which do you think is the
greater threat to airline safety: terrorist attacks or poor maintenance?" Poor Maintenance 78%, Terrorist
Attacks 15%, Not Sure 7%.
244
Testimony of Kenneth Mead, DOT IG, to National Commission on Terrorist Attacks Upon the United
States at Hearing on Civil Aviation Security, May 22, 2003.
Q
79

T7 B18 Gorelick Comments FDR - Team 7 Draft Monograph W Gorelick Comments 559

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

T7 B18 Gorelick Comments FDR - Team 7 Draft Monograph W Gorelick Comments 559

Încărcat de

Drepturi de autor:

Formate disponibile

UNCLASSIFIED

TEAM 7 DRAFT MONOGRAPH

CIVIL AVIATION AND

CIVIL AVIATION SECURITY: PRELUDE TO 9-11

Pivotal Incidents and Aviation Security

• The rash of aircraft hijackings to Cuba between 1968 and 1972

The industry's age of relative innocence was shattered by an epidemic of hijacking

• The 1988 downing of Pan Am 103 by a terrorist bomb

• The destruction of TWA 800 over the Atlantic Ocean in 1996

DRAFT FOR INTERNAL USE ONLY DRAFT

Aviation Security Roles and Responsibilities

1) The Federal Aviation Administration: Responsible for setting and enforcing

3) Airport Authorities: Responsible for controlling access to sensitive airport

5) Congress: responsible for making aviation security law, performing oversight of

DRAFT FOR INTERNAL USE ONLY DRAFT

Civil Aviation Security Defenses

DRAFT. FOR INTERNAL USE ONLY DRAFT

• Checkpoint screening ,. ......

Passengers were screened by government certified metal detectors operated and

Weaknesses in the System

DRAFT. FOR INTERNAL USE ONLY DRAFT

Aviation security commentator John Nance,described the hijacking protocol as follows:

DRAFT FOR INTERNAL USE ONLY DRAFT

The World of September 11. 2001

Meanwhile, profit-challenged air carriers, feeling the effects of deregulated competition,

Perceived Aviation Security Threat

DRAFT FOR INTERNAL USE ONLY DRAFT

imminent." (PLACEHOLDER FOR SHORT DESCRIPTION OF AVSEC III

(PLACEHOLDER: RECEIVED TESTIMONY ABOUT THE FBI ESTIMATE;

DRAFT FOR INTERNAL USE ONLY DRAFT

(PLACEHOLDER FOR OTHER KEY INTELLIGENCE ISSUES PENDING

(PLACEHOLDER: LOOKING TO SEE IF WE CAN CONFIRM THAT ALL THE

DRAFT. FOR INTERNAL USE ONLY DRAFT

Under the "layered" approach to aviation security, should a terrorist or criminal

o the presumption that hijackers had no suicidal intent.

The facts show that on September 1 1 , 200 1 :

• Checkpoint screener performance and the detection rate of prohibited items at

o likely have improved the odds of achieving those tasks.

DRAFT FOR INTERNAL USE ONLY DRAFT

DRAFT FOR INTERNAL USE ONLY DRAFT

CIVIL AVIATION SECURITY

Whether hijackers or bombers, the perpetrators of violence against commercial aviation

• Criminals in pursuit of some personal goal or financial gain, such as repatriation

Aviation provides a tremendous amount of opportunity to individuals or groups seeking

• The proliferation of highly capable terrorist groups willing to target civilian

DRAFT. FOR INTERNAL USE ONLY DRAFT

The development of improvised explosive devices (IBD'S) and_plastic weaponry ^"

Formative Years: Lead-up to Pan Am 103: 1926-1988

Bombs and criminals / ~!C

DRAFT. FOR INTERNAL USE ONLY DRAFT

(PLACEHOLDER: WHAT WAS THE SECURITY PRACTICE AT THE TIME;

Early Vectors of Aviation Security

(PLACEHOLDER: BE MORE SPECIFIC ABOUT THE RULES/STANDARDS

(PLACEHOLDER: HOW WAS BAGGAGE SCREENING IMPROVED; WAS

(PLACEHOLDER: EXPLAIN THE GROWTH IN THE IDUSTRY; THE

(PLACEHOLDER: WHEN DID IT BECOME SPECIFICALLY ILLEGAL TO

The Hijacking Epidemic

DRAFT. FOR INTERNAL USE ONLY DRAFT

Regulation and the Growing Federal Role

DRAFT FOR INTERNAL USE ONLY DRAFT

The rule included (PLACEHOLDER: ADD ENFORCEMENT MECHANISM AND

The/4i> Transportation Security Act of 1974