The Federal Aviation Administration (FAA) within the Department of Transportation had been vested by Congress with the sometimes conflicting mandate of regulating the safety and security of U.S. civil aviation while also promoting the civil aviation industry. The FAA had a security mission to protect the users of commercial air transportation against terrorism and other criminal acts. In the years before 9/11, the FAA perceived sabotage as a greater threat to aviation than hijacking. First, no domestic hijacking had occurred in a decade. Second, the commercial aviation system was perceived as more vulnerable to explosives than to weapons such as firearms. Finally, explosives were perceived as deadlier than hijacking and therefore of greater consequence. In 1996, a presidential commission on aviation safety and security chaired byVice President Al Gore reinforced the prevailing concern about sabotage and explosives on aircraft. The Gore Commission also flagged, as a new danger, the possibility of attack by surface-to-air missiles. Its 1997 final report did not discuss the possibility of suicide hijackings.50
The FAA set and enforced aviation security rules, which airlines and airports were required to implement. The rules were supposed to produce a "layered" system of defense. This meant that the failure of any one layer of security would not be fatal, because additional layers would provide backup security. But each layer relevant to hijackings--intelligence, passenger prescreening, checkpoint screening, and onboard security--was seriously flawed prior to 9/11. Taken together, they did not stop any of the 9/11 hijackers from getting on board four different aircraft at three different airports.51
The FAA's policy was to use intelligence to identify both specific plots and general threats to civil aviation security, so that the agency could develop and deploy appropriate countermeasures. The FAA's 40-person intelligence unit was supposed to receive a broad range of intelligence data from the FBI, CIA, and other agencies so that it could make assessments about the threat to aviation. But the large volume of data contained little pertaining to the presence and activities of terrorists in the United States. For example, information on the FBI's effort in 1998 to assess the potential use of flight training by terrorists and the Phoenix electronic communication of 2001 warning of radical Middle Easterners attending flight school were not passed to FAA headquarters. Several top FAA intelligence officials called the domestic threat picture a serious blind spot.52
Moreover, the FAA's intelligence unit did not receive much attention from the agency's leadership. Neither Administrator Jane Garvey nor her deputy routinely reviewed daily intelligence, and what they did see was screened for them. She was unaware of a great amount of hijacking threat information from her own intelligence unit, which, in turn, was not deeply involved in the agency's policymaking process. Historically, decisive security action took place only after a disaster had occurred or a specific plot had been discovered.53
The next aviation security layer was passenger prescreening. The FAA directed air carriers not to fly individuals known to pose a "direct" threat to civil aviation. But as of 9/11, the FAA's "no-fly" list contained the names of just 12 terrorist suspects (including 9/11 mastermind Khalid Sheikh Mohammed), even though government watchlists contained the names of many thousands of known and suspected terrorists. This astonishing mismatch existed despite the Gore Commission's having called on the FBI and CIA four years earlier to provide terrorist watchlists to improve prescreening. The longtime chief of the FAA's civil aviation security division testified that he was not even aware of the State Department'sTIPOFF list of known and suspected terrorists (some 60, 000 before 9/11) until he heard it mentioned during the Commission's January 26, 2004, public hearing. The FAA had access to some TIPOFF data, but apparently found it too difficult to use.54
The second part of prescreening called on the air carriers to implement an FAA-approved computerized algorithm (known as CAPPS, for Computer Assisted Passenger Prescreening System) designed to identify passengers whose profile suggested they might pose more than a minimal risk to aircraft. Although the algorithm included hijacker profile data, at that time only passengers checking bags were eligible to be selected by CAPPS for additional scrutiny. Selection entailed only having one's checked baggage screened for explosives or held off the airplane until one had boarded. Primarily because of concern regarding potential discrimination and the impact on passenger throughput, "selectees" were no longer required to undergo extraordinary screening of their carry-on baggage as had been the case before the system was computerized in 1997.55 This policy change also reflected the perception that nonsuicide sabotage was the primary threat to civil aviation.
Checkpoint screening was considered the most important and obvious layer of security. Walk-through metal detectors and X-ray machines operated by trained screeners were employed to stop prohibited items. Numerous government reports indicated that checkpoints performed poorly, often failing to detect even obvious FAA test items. Many deadly and dangerous items did not set off metal detectors, or were hard to distinguish in an X-ray machine from innocent everyday items.56
While FAA rules did not expressly prohibit knives with blades under 4 inches long, the airlines' checkpoint operations guide (which was developed in cooperation with the FAA), explicitly permitted them. The FAA's basis for this policy was (1) the agency did not consider such items to be menacing, (2) most local laws did not prohibit individuals from carrying such knives, and (3) such knives would have been difficult to detect unless the sensitivity of metal detectors had been greatly increased. A proposal to ban knives altogether in 1993 had been rejected because small cutting implements were difficult to detect and the number of innocent "alarms" would have increased significantly, exacerbating congestion problems at checkpoints.57
Several years prior to 9/11, an FAA requirement for screeners to conduct "continuous" and "random" hand searches of carry-on luggage at checkpoints had been replaced by explosive trace detection or had simply become ignored by the air carriers. Therefore, secondary screening of individuals and their carry-on bags to identify weapons (other than bombs) was nonexistent, except for passengers who triggered the metal detectors. Even when small knives were detected by secondary screening, they were usually returned to the traveler. Reportedly, the 9/11 hijackers were instructed to use items that would be undetectable by airport checkpoints.58
In the pre-9/11 security system, the air carriers played a major role. As the Inspector General of the Department of Transportation told us, there were great pressures from the air carriers to control security costs and to "limit the impact of security requirements on aviation operations, so that the industry could concentrate on its primary mission of moving passengers and aircraft.... [T]hose counterpressures in turn manifested themselves as significant weaknesses in security." A longtime FAA security official described the air carriers' approach to security regulation as "decry, deny and delay" and told us that while "the air carriers had seen the enlightened hand of self-interest with respect to safety, they hadn't seen it in the security arena."59
The final layer, security on board commercial aircraft, was not designed to counter suicide hijackings. The FAA-approved "Common Strategy" had been elaborated over decades of experience with scores of hijackings, beginning in the 1960s. It taught flight crews that the best way to deal with hijackers was to accommodate their demands, get the plane to land safely, and then let law enforcement or the military handle the situation. According to the FAA, the record had shown that the longer a hijacking persisted, the more likely it was to end peacefully. The strategy operated on the fundamental assumption that hijackers issue negotiable demands (most often for asylum or the release of prisoners) and that, as one FAA official put it, "suicide wasn't in the game plan" of hijackers. FAA training material provided no guidance for flight crews should violence occur.60
This prevailing Common Strategy of cooperation and nonconfrontation meant that even a hardened cockpit door would have made little difference in a hijacking. As the chairman of the Security Committee of the Air Line Pilots Association observed when proposals were made in early 2001 to install reinforced cockpit doors in commercial aircraft, "Even if you make a vault out of the door, if they have a noose around my flight attendant's neck, I'm going to open the door." Prior to 9/11, FAA regulations mandated that cockpit doors permit ready access into and out of the cockpit in the event of an emergency. Even so, rules implemented in the 1960s required air crews to keep the cockpit door closed and locked in flight. This requirement was not always observed or vigorously enforced.61
As for law enforcement, there were only 33 armed and trained federal air marshals as of 9/11. They were not deployed on U.S. domestic flights, except when in transit to provide security on international departures. This policy reflected the FAA's view that domestic hijacking was in check--a view held confidently as no terrorist had hijacked a U.S. commercial aircraft anywhere in the world since 1986.62
In the absence of any recent aviation security incident and without "specific and credible" evidence of a plot directed at civil aviation, the FAA's leadership focused elsewhere, including on operational concerns and the ever-present issue of safety. FAA Administrator Garvey recalled that "every day in 2001 was like the day before Thanksgiving." Heeding calls for improved air service, Congress concentrated its efforts on a "passenger bill of rights," to improve capacity, efficiency, and customer satisfaction in the aviation system. There was no focus on terrorism.63