Ervin is right. I haven’t addressed his fundamental point yet. So I guess I should do it now. I agree with him and have no doubt that “Al Qaeda and its acolytes remain determined to attack us again.” Nevertheless, I suspect that their ability to pull off “another devastating attack” is largely overblown. John and others have made a very convincing case and I wish more security experts would listen to them. At the very least, I wish more people would invest some time to find out who our enemies are and what they are really capable of, rather than assuming the worst.
I also agree with Ervin that there are a huge number of security gaps that remain unaddressed. Yet we need to keep in mind that there will always be such gaps. No security measure is ever perfect. As a consequence, I have no doubts as to the likely prospect of a future attack here at home.
And Ervin and I would agree that whatever antiterrorism measures are put in place, they should concentrate our resources to protect against the most dramatic consequences and they should be cost effective.
Here is where we disagree: considering the low probability event of a terrorist attack, and considering the fact that we don’t know what form it will take or where it will happen, it is likely that the most cost effective measure is to do nothing and then spend money to clean up and compensate the victims after the fact. In other words, rather than protecting all targets or even few targets with a high probability of failing, we should spend money mitigating the consequences of the attack. Of course, at the same time, the federal government should try its best to catch terrorists, dismantle networks, and collect intelligence on future plots.
To be sure, this policy is unlikely. Politicians always want to be seen as doing something. So there is no way they’d go along. And the public will very likely have a hard time dealing with the theory behind the policy. Cost-benefit analysis is a hard exercise that exposes us economists as the cold-hearted beings we are.
In my mind there is only one case where we might deviate from the “do nothing” policy. I say “might” because I am not a security expert and I might actually be wrong about it. However, if I am not, it is consistent with our overall theory since it directs some resources to prevent against one type of attack, which, if successfully implemented, would have dramatic consequences. I am talking about a successful nuclear attack inside the U.S. I believe that even though the probability of a terrorist nuclear attack in the U.S. is extremely low, the consequence would be so devastating that it would be a good idea to do something about it.
But on this front I once again differ from Ervin. The most cost-effective thing to do to try to prevent terrorists from using a nuclear device in, let’s say lower Manhattan, is to make sure terrorists can’t put their hands on fissile material such as highly enriched uranium. No fissile material, no bomb. It’s as simple as that. Aside from that measure—which is hard to implement—I think there is little else to do. The measures we are heavily investing in today such as checking 100 percent of cargo coming into our ports, closing our borders, and other initiatives, make little sense in the face of the cost of each measure, and are unlikely to be effective at stopping terrorists. And if it’s not cost-effective we shouldn’t do it. Period.
To conclude, it seems clear to me to me that in the current debate between the public, the airlines, industry lobbyists, Capitol Hill, security experts, defense contractors, or the White House, each of the players has his own agenda which often has nothing to do with security. No one is really trying to figure out what the actual risk is, what the optimal level of risk we are willing to live with is, how much cost and inconvenience is acceptable, and then what security measures achieve these tradeoffs efficiently. Instead, we are told that we should prepare for the worst and hope for the best no matter what the cost. It is bad policy, bad economics, and bad security.