The United States has built huge internet surveillance infrastructures, but failed to implement its own 9/11 law about maritime cargo security.

The risks of an attack at a US port or the smuggling of weapons of mass destruction (or their components) in shipping containers are big. Compared to the importance of scanning more cargo containers, the benefits of scanning emails appear quite small. What is needed is a serious debate about the right priorities for counter-terrorism and cost/benefit analysis of current policies.

While US and other Western governments claim that internet surveillance has prevented several terrorist attacks, it could also be argued that internet surveillance catches only some of the stupid terrorists, who can only pull off relatively minor attacks. (But not all of them, e.g. not the Boston bombers.)

Smart terrorists like Osama bin Laden, who have the brains and resources to kill tens of thousands of people, do not communicate over the internet. (Or they use very serious encryption, which the NSA computers won’t break in time.) They might plan sophisticated operations for American, French, Dutch or German harbors.

The 9/11 Commission concluded in its report in 2004: “While commercial aviation remains a possible target, terrorists may turn their attention to other modes. Opportunities to do harm are as great, or greater, in maritime or surface transportation. Initiatives to secure shipping containers have just begun.”

In 2007 Congress passed the “Implementing Recommendations of the 9/11 Commission Act” and mandated that by July 2012 no cargo container would be allowed to enter the United States unless it had been checked by radiation detection and nonintrusive imaging technology.

The Department of Homeland Security missed that deadline and gave itself a two-year extension, which the law allowed. The Nuclear Threat Initiative wrote in February 2012: “Roughly 5 percent of cargo containers undergo the demanded physical scanning today either at the foreign port of departure or upon arrival in the United States, according Kevin McAleenan, acting assistant commissioner for field operations at DHS Customs and Border Protection.”

Representative Bennie G. Thompson of Mississippi said in the U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Border and Maritime Security on February 7, 2012:       

I am a pragmatic person. I was a proponent of 100 percent scanning mandate, but understood that fulfilling the requirements would be no easy task. However, those of us who supported the provision hoped to spur significant advances in cargo security by this point, even if the initial 2012 deadline was not met. Instead, in the nearly 5 years since the law was enacted, DHS has failed to make an honest effort to implement the mandate. We have heard a litany of reasons that 100 percent scanning cannot or should not be done. In testimony before this committee, Secretary Napolitano expressed opposition to the mandate, indicating that the 100 percent requirement is not achievable by 2012, and instead advocating for a risk-based approach to maritime cargo security. Of course, the surest way to fail is not to try at all. Equally troubling is the fact that in recent years, some of DHS’ existing cargo security programs have become stagnant or have been scaled back. For example, the Container Security Initiative, CSI, is operational in the same 58 ports that were active before the enactment of the 9/11 Act. Over the past 5 years, CSI has not been expanded, despite the fact that at least 700 ports ships goods to the United States. The number of overseas personnel deployed to the 58 ports has plummeted. 

Mr. Thompson also wrote op-ed Cargo, the Terrorists’ Trojan Horse, together with Jerrold L. Nadler and Edward J. Markey, the Democratic representatives from New York and Massachusetts, published on June 26, 2012 in the NYT:

Over the years, terrorists have shown themselves to be frighteningly inventive. They have hidden explosives in printer cartridges transported by air and embedded explosives in the shoes and underwear of airline passengers. The cargo containers arriving on ships from foreign ports offer terrorists a Trojan horse for a devastating attack on the United States. As the Harvard political scientist Graham T. Allison has put it, a nuclear attack is “far more likely to arrive in a cargo container than on the tip of a missile.”

But for the past five years, the Department of Homeland Security has done little to counter this threat and instead has wasted precious time arguing that it would be too expensive and too difficult, logistically and diplomatically, to comply with the law. This is unacceptable.

An attack on an American port could cause tens of thousands of deaths and cripple global trade, with losses ranging from $45 billion to more than $1 trillion, according to estimates by the RAND Corporationand the Congressional Research Service. Anyone who doubts these estimates should recall the labor strike that shut down the ports of Los Angeles and Long Beach for 11 days in 2002. Economic losses were put at $6.3 billion or more. Homeland Security says it would cost $16 billion or more to meet the mandate, but that projection assumes that the department would pay to acquire, maintain and operate scanning equipment and related operations, without any offsetting fees from companies in the global supply chain. In contrast, Stephen E. Flynn, an expert in terrorism and port security at Northeastern University, has said a scanning system could be implemented in every major container port in the world at a cost of $1.5 billion, and that the costs could largely be absorbed by companies doing business at the ports.

The U.S. Government Accountability Office released the report “Combating Nuclear Smuggling: Megaports Initiative Faces Funding and Sustainability Challenges” on November 28, 2012 (All emphasis in bold in this article was added):

As of August 2012, the National Nuclear Security Administration (NNSA) had completed 42 of 100 planned Megaports projects in 31 countries and, as of December 2011, NNSA had spent about $850 million on the Megaports Initiative. NNSA’s Initiative has equipped these seaports with radiation detection equipment, established training programs for foreign personnel, and created a sustainability program to help countries operate and maintain the equipment. However, the administration’s fiscal year 2013 budget proposal would reduce the Initiative’s budget by about 85 percent, and NNSA plans to shift the Initiative’s focus from establishing new Megaports to sustaining existing ones. As a result, NNSA has suspended ongoing negotiations and canceled planned deployments of equipment in five countries.

Are the Obama administration and other Western governments setting the right priorities in counter-terrorism? Or are they neglecting expensive port security in the hope that cheaper NSA surveillance of internet traffic will uncover terrorist plots? Such a rationale would be wrong. The political costs of massive internet surveillance are significant, while the benefits are doubtful. Companies should pay for the costs of port security.

If I am correct in assuming that only stupid terrorists with limited capabilities are likely to be caught by communication surveillance, then we need to debate whether the cost of privacy invasions is worth the benefit of preventing relatively minor terrorist attacks. 

Neither data privacy nor security should be seen as absolute values. Accepting any terrorism as a risk of life in “The New Normal” seems to be blasphemy for many US politicians and pundits, although they have accepted domestic gun violence (like the Connecticut elementary school shooting) for decades. These crimes as well as spontaneous “do it yourself”-terrorism like the Woolwich stabbing cannot be prevented by internet surveillance anyway. If we want our governments to protect rather than invade our privacy, then we should not watch/read media that regularly freaks out at every terrorism report, because that sends the wrong message to our politicians about our priorities.

Joerg Wolf is project manager and editor-in-chief of atlantic-community.org. This piece first appeared on Atlantic Review.