The Trump administration stopped requiring passengers to take their shoes off at airport security. Senator Tammy Duckworth is demanding that TSA reinstate this requirement.
The shoe bomber plot failed in 2001. No one ever did this again. In 2009 the ‘underwear bomber’ tried to hide explosives in his boxer shorts. Unlike shoes we didn’t make everyone take off their underwear.
The TSA is rolling out Touchless ID, and has reached around 65 airports. Currently, passengers can opt out of facial recognition and use standard IDs – so far. Eventually TSA could make biometric identity matching mandatory. But they could run into problems doing this. And perhaps even re-instating a shoe removal requirement.
Enilria points to a court case ruling that means “TSA is no longer able to just institute new security rules without seeking public comment and other government standard requirements.”
That’s not literally the rule, but the U.S. Court of Appeals for the D.C. Circuit said in City of Billings v. TSA that nationwide, binding, enforceable rule had to be submitted to notice and comment rulemaking under the Adinistrative Procedures Act unless it fit into a specific exception.
- TSA had proposed in 2020 to require airport workers with unescorted access to secured areas of an airport to undergo random physical screening before entry. TSA did not publish the proposal for public notice and comment. Instead, it notified just airport operators and gave them 60 days to comment. TSA finalized the rule in April 2023 as a “National Amendment,” requiring covered airports to conduct the worker screening themselves and to develop plans to acquire and deploy explosives detection equipment.
- Airports challenged this. It wasn’t just tweaking an airport security program. It created new legal obligations, so the public had to get notice and an opportunity to comment.
They also argued the law says that TSA shall require screening before entry into a secured area, and this was shifting the screning duty onto airports rather than carrying it out itself.
And they argued that requiring them to implement the federal rule was unlawful commandeering (the same reason why ICE cannot force local law enforcement to assist in their duties).
- TSA argued 49 C.F.R. § 1542.105(c) lets them amend an airport’s security program by giving the airport operator notice and at least 30 days to comment.
TSA’s position was that they complied with that rule, airport security is a “shared responsibility,” and broader public notice-and-comment would add little because the rule principally affected airport operators and security sensitive (SSI) details might not be publicly disclosable anyway.
TSA did not claim any Administrative Procedures Act exceptions applied.
The court said the National Amendment was “plainly” a legislative rule because it imposed new obligations, used mandatory terms, had an effective date, and was backed by civil enforcement. And that meant an agency cannot avoid the Administrative Procedures Act.
It also rejected TSA’s argument that public comment would not matter, because the aviation workers who would be searched were themselves directly affected and might have offered meaningful input. Then it gave TSA time to either issue a procedurally proper replacement rule or tell the court it no longer thought a rule was necessary, but it didn’t suspend the rule.
The decision is effectively an extension of EPIC v. DHS which held in 2011 that notice-and-comment rulemaking was required before deploying body scanners.
It wasn’t enough that passengers were already required to submit to screening under 49 C.F.R. § 1540.107, the details of which were non-public. (Advanced Imaging Technology use was codified in 2016 after EPIC.) In both cases these were still new, binding, generally applicable obligations.
Checkpoint requirements that are imposed as binding nationwide obligations through TSA Standard Operating Procedures, security directives, airport-program amendments, or website guidance instead of published rules will face scrutiny over whether it’s an operational detail within an existing rule or a new substantive, binding obligation.
I wrote this week about biometric boarding gates that take your photo and compare those to identification on file. TSA uses facial recognition now at security checkpoints. That’s currently optional. However the agency may want it to become the primary method of passenger identification. If they tried to make it mandatory, that would require a rulemaking.
Any new broad checkpoint methods that significantly change the passenger experience but are imposed only through nonpublic procedures will require one. It’s no longer enough to say that screening is required, and what constitutes screening is a detail that’s up to us.
In fact, new restrictions on what you can bring through the checkpoint would fall under a need for rulemaking. The list of items prohibited by TSA is supported by 49 C.F.R. § 1540.111 and by how TSA interprets “weapons, explosives, and incendiaries.”
TSA says screeners retain discretion and that future threat information may lead TSA to prohibit items without first amending the interpretive rule. But if TSA imposed a new, broad, binding restriction Billings suggests it requires notice and comment.
That doesn’t stop TSA from moving quickly in a genuine emergency. In Spokane Airport Board v. TSA this year, the court upheld TSA’s use of emergency amendment authority for airport cybersecurity measures. Billings acknowledged that TSA could, in the right circumstances, establish good cause for emergency action.
There are limits, though, to what TSA can do unilaterally, ignoring established rules for federal agencies.
Unless you directly or indirectly profit from the surveillance state, why on earth would you want any of this nonsense? We need meaningful bipartisan privacy protections. End the Patriot Act (a farce of a name if there ever was one). Enough is enough.