The preceding chapters present the results of the committee’s deliberations on chemicals of interest (Chapter 2), domestic supply chains (Chapter 3), and the status of domestic and international policy (Chapters 3 and 4, respectively). The results uncovered potential vulnerabilities, particularly at the retail level of the domestic supply chain, and suggest opportunities both to reduce the likelihood that malicious actors will obtain precursor chemicals and to gather information to prevent or respond to improvised explosive device (IED) attacks, without undermining legitimate commerce and use.
This chapter focuses on tradeoffs among possible control strategies, derived largely from domestic and international experience, for mitigating vulnerabilities and gathering information. The committee did not presume the necessity of new controls, defined as mandatory restrictions on access to precursor chemicals (see Chapter 1 for definitions), or prejudge the legal standing of other policy mechanisms. Instead, the committee explored three types of strategy with new controls and one type without. In addition, the committee considered other measures and activities, such as outreach, training, and reporting, that could operate under public- or private-sector auspices, with or without legal mandates. These other measures and activities could serve supplemental or independent roles in different contexts.
More specifically, the committee considered the economic and noneconomic benefits and costs of the strategies, in relation to three policy objectives:
- restricting malicious actors’ access to precursor chemicals;
- gathering and disseminating information to prevent or respond to terrorist episodes; and
- minimizing the burdens on legitimate commerce and use.
Each benefit or cost, be it economic or noneconomic, represents a factor for comparison in the Department of Homeland Security’s (DHS’s) statement of task (Box 1-1).
To assess the tradeoffs among control strategies, the committee engaged in an analytical exercise in which it walked through the strategies one by one and discussed the benefits and costs of each, qualitatively. It drew from evidence collected in the project and from principles of regulatory assessment, set out by the Office of Management and Budget (OMB) in Circular A4,231 which provides guidance to federal agencies on the development of regulatory analysis (see Appendix G). For example, OMB specifies that a good regulatory analysis should include a statement of the need for the proposed regulatory action, an examination of alternative approaches to addressing the need, and an evaluation of the benefits and costs—quantitative, if possible, and qualitative otherwise—of the proposed action and the main alternatives.
OMB sets out a hierarchy of analytical methods, preferring benefit-cost analysis (BCA), which, ideally, would monetize all the benefits and costs of a proposed regulatory action, over other methods (see Appendix G). Regulatory analysis, even in the ideal, which the committee did not attain, cannot address all aspects of the tradeoffs among control strategies, but the underlying premise of each method—that policy interventions entail benefits and costs that can differ by approach—suggests means to systematically consider the relative merits of different strategies and inform the selection of one strategy over another.
One might describe the exercise as a notional analysis of benefits and costs and a starting point for a more detailed and rigorous analysis of policy options, but not as a BCA per se. Noteworthy among the deviations from a conventional BCA are the following: the committee did not attempt to identify all the benefits or costs associated with each control strategy; the committee lacked the data and resources to monetize or otherwise quantify the benefits and costs that it did identify; and the committee framed most of the benefits as pathways to attaining policy objectives (e.g., the capability to restrict access to precursor chemicals, the capability to track and correlate suspicious behavior), not as actual policy outcomes, such as reductions in bombings, injuries, or deaths.
Nevertheless, the committee was able to rank each of the three strategies with a new control based on the committee’s assessment of individual benefit and cost attributes. For those three strategies, the committee was able to say whether a particular benefit or cost, exclusive of various uncertainties, was expected to be higher or lower under that strategy than under one of the others. The committee could not say how much higher or lower a benefit or cost might be from one strategy to the next, or whether one benefit or cost would outweigh another under the same strategy, but it was able to use the rankings to draw insight into tradeoffs among the strategies.
For purposes of this exercise, the committee set out the broad contours of
all four strategies, but left many of the specifics that would be necessary for a complete qualitatively or quantitatively oriented policy analysis to future efforts.
Potential vulnerabilities, as shown previously, exist primarily at retail-level points of sale, especially nonagricultural. Although gaps in visibility and policy coverage exist elsewhere in the supply chains, the committee chose to focus in this chapter on retail-level sales as the highest priority.
A strategy to mitigate potential vulnerabilities could include different combinations of new and existing controls and other measures and activities, such as outreach, training, and reporting, which could be mandatory, voluntary, or a mix. At one end of the spectrum, all such measures and activities could be mandatory and, at the other, the measures and activities could all be voluntary. The committee presents the measures and activities without specifically designating them as mandatory or voluntary and comments later in this chapter on the implications of choosing a mandatory or voluntary route.
The committee’s review of the policy landscape (see Chapters 3 and 4) suggests four general types of control strategy for retail-level transactions; three include a new mandatory restriction on access to precursor chemicals (i.e., a control) and one does not. The three strategies with new controls would implement one of the following at the retail level: a ban, licensing, or a registry. The fourth strategy would augment federal, state, and local controls that exist at the time of this report with other measures and activities not currently in place. The committee refers to the fourth strategy as “business as usual plus” (BAU+). Any of the three new controls could also be implemented in conjunction with other measures and activities.
A retail-level ban, licensing, or registry could apply to all or a just subset of retail-level sales, with the subset depending, for example, on the type of transaction or product market. Given concerns about the potential for commercial disruption, the committee chose to focus on applications of those controls to noncommercial sales and exempt commercial transactions, but policy makers could include commercial sales within any of the frameworks. A ban, licensing, or a registry could also include a restriction on quantities of purchases, as with the pseudoephedrine controls aimed to limit illicit drug manufacturing (Chapter 3).
Each control would likely require regulatory action, which could be prescribed at either the federal, state, or local level, with due consideration of preferences for state or local autonomy, differences in circumstances among states and localities, and the need for coordination and harmonization across state and local borders.
A ban on noncommercial sales might require a purchaser’s evidence of commercial status to demonstrate their exemption from the ban; licensing for noncommercial sales might be implemented by requiring either evidence of commercial status, to demonstrate exemption from licensing, or a license to purchase; and a registry for noncommercial sales might be implemented by requiring either evidence of commercial status, to demonstrate exemption from the registry, or participation in a registry, for example, with a signature and government-issued ID. In each case, the requirement to present evidence—of commercial status, a license to purchase, or a signature and government-issued ID—might fall on the purchaser, but the seller might also be required to validate credentials. For example, a retailer might be expected to check the expiration date of a license or ID and to be able to recognize a counterfeit.
BAU+ would not add any new retail-level control, but it would not preclude action on other measures or activities, discussed below. Moreover, any strategy, even BAU+, could include a provision that grants retailers the right to refuse suspicious sales, but this might require additional legal or regulatory action.
Different combinations of other measures, involving either legal mandates or voluntary participation, could accompany a ban, licensing, a registry, or BAU+:
- training of retailers to, for example, request and verify evidence of commercial status, licenses, or government-issued IDs; identify suspicious behavior, fraud, theft, or loss; or fulfill responsibilities for reporting and documentation;
- reporting of suspicious behavior and fraud, theft, or loss to federal authorities and local law enforcement, respectively; and
- documentation of transactions, which could involve electronic record keeping and data analytics.
In each case, the measure could be publicly or privately sponsored. Other activities could include outreach for awareness, random audits, and systematic inspections.
The federal government, several state governments, and trade associations already conduct some outreach on precursor chemicals, their regulation, and safety (Chapter 3), but they and others could do more to educate retailers on precursors, including the requirements associated with any new controls. In addition, government officials, trade associations, or other third-party verifiers could evaluate retailers’ implementation of new controls or other measures through random audits, systematic inspections, or a combination of the two. Random audits would catch retailers off-guard, whereas systematic inspections could allow time for self-assessment and preparation.
Some EU MS, including the United Kingdom, employ mystery shopping, a
practice by which government officials—or potentially others—attempt to purchase regulated precursor chemicals incognito and then provide feedback to retailers on the interaction and whether it met regulatory requirements or aligned with guidance. In the EU, the approach serves more as an educational tool than as an enforcement tool, but it can also support enforcement objectives. Although targeting retailers, mystery shopping can also inform government program managers; for example, some mystery shoppers have uncovered opportunities for agencies to improve their outreach. For the purposes of this report, mystery shopping is considered a subset of audits and inspections.
Product placement might also play a part in each strategy. Retailers could choose or be required to place products that contain precursor chemicals behind the sales counter or in a locked case, so that consumers must request them directly. The extra layer of interaction and engagement might provide retailers with an opportunity to assess whether the purchase is suspicious and should be reported or denied, if they have the right to refuse a sale.
The committee assembled three control strategies as packages of policy mechanisms, with each strategy featuring either a ban on noncommercial sales, licensing for noncommercial sales, or a registry for noncommercial sales, together with an unspecified limit on the quantity of noncommercial sales and a right to refuse sales to anyone, under suspicious conditions. Each control strategy also included a suite of supplemental measures and activities, consisting of outreach, training, reporting, documentation, auditing, and inspections. To facilitate the comparison of strategies, the committee held the measures and activities constant across strategies. Each strategy treats commercial sales identically—for example, commercial purchasers must provide evidence of their commercial status to complete a transaction—but treats noncommercial sales differently.
The committee also looked separately at a BAU+ strategy that included additional outreach, training, reporting, documentation, auditing, and inspections, absent any new control. Appendix H includes a summary of findings on cautionary labeling as well, but the committee did not include cautionary labeling in any of the strategies because of concerns raised in the EU and elsewhere about unintentional knowledge transfer (Appendix H).
Figure 5-1 illustrates the development of a strategy from a menu of options, starting with the selection of a new control, if any, and proceeding to the selection of measures and activities that can either supplement the new control or accompany existing controls. In the example, which mirrors one of the strategies that the committee considered, the resulting package consists of licensing with training, reporting, documentation, outreach, auditing, and inspections.
The committee did not specify whether a particular measure or activity would be voluntary or mandatory, but envisioned that, in either case, retailers
would be expected to meet a standard of performance rather than a standard of design or behavior. Performance standards express requirements in terms of outcomes, not the means to achieving outcomes, and give regulated parties the flexibility to achieve regulatory objectives as cost-effectively as possible.231 For example, a retailer might be expected to train its employees to know when a product is subject to a control; when to ask for and how to check a purchaser’s credentials; and how to identify and report suspicious behavior, fraud, theft, and loss; but the retailer would be given the flexibility to conduct the training by whatever means it deemed best.
To judge compliance with a measure or activity, the policy could specify certification and testing requirements, rely on audits or inspections, or employ other tools, potentially left to the judgment of the retailer. In the case of a mandatory provision, the retailer might be held to the standard by a government agency—federal, state, or local; in the case of a voluntary provision, a trade association might provide oversight.
Though businesses might choose to develop their own training materials, a government agency or trade association might provide retailers with training materials, such as pamphlets and videos (see Appendix F), but give retailers leeway to adapt and apply the materials as they see fit. In the discussion of tradeoffs among strategies, later in this chapter, the committee considers how a business’s incentives might differ if a measure is voluntary or mandatory.
Just as the committee did not assume a particular assignment of responsibilities for outreach, training, reporting, documentation, or audits and inspections,
neither did it assume a particular funding source—private or public—for those activities. In the case of a publicly funded program, either mandatory or voluntary, the government would bear the initial cost, which would fall eventually on taxpayers; in the case of a privately funded program, be it mandatory or voluntary, industry would bear the initial cost, which would fall eventually on some combination of proprietors or shareholders, employees, and customers. In either case, the cost of implementing the measure or activity, if not administering it, should be about the same, if retailers are held accountable to the same standard of performance.
Ultimately, a control strategy would require the specification of threshold concentrations and quantities for each precursor chemical under consideration, but for purposes of this analytical exercise, the committee took the existence of specifications as given, but as yet unestablished. Moreover, the committee did not assess different approaches—bans, licensing, registries, or BAU+—for different precursor chemicals separately; rather, it considered each approach for any or all precursor chemicals. In an actual policy-making process, not all precursor chemicals would need to be treated identically; that is, some Group A chemicals could be subject to a ban, others to a licensing regime, others to registry requirements, and still others to additional mandatory or voluntary measures and activities without any new control. However, the United Kingdom ruled out mixed controls, based on feedback from industry, which preferred the simplicity of a stand-alone licensing regime.
The committee considered the potential for direct benefits, direct costs, ancillary benefits, and unintended consequences, the last of which might reduce benefits or add to costs, as factors to compare across strategies. An ancillary benefit is a favorable impact that is typically unrelated or secondary to the stated purpose of the control, measure, or activity. For example, a control might increase the visibility of transactions and, thus, present information that can be used to develop and improve policy. An unintended consequence is an undesirable security, economic, or social side effect of a policy action. For the most part, these definitions are consistent with those found in OMB guidance, but the committee diverges from OMB by referring to a subset of unintended consequences that lack sufficient basis for ranking as uncertainties.231 Uncertainty, as a term of art among economists, differs from risk, a term that OMB applies, in that it can be used to describe conditions when the future is unknown—in the extreme, anything or nearly anything can happen—and it is impossible to characterize the probability, if not the severity, of a consequence. Thus, an uncertainty is akin to an unknown risk.232-234 The committee categorized anticipated effects, whether direct, ancillary, or unintended, as either benefits or costs, but treated particular uncertainties, including displacement, separately.
As noted previously, the committee also diverges from OMB guidance by framing most of the benefits of the control strategies as pathways to attaining policy objectives—or capabilities—and not as actual policy outcomes. In those
instances, the committee had enough information about the structure of the pathway to support a qualitative, operational comparison across strategies, even if it did not have enough information to characterize the ultimate effect of the strategy. For example, the committee might feel comfortable comparing the stringency of a ban, licensing, or a registry, in terms of its operating principles, but would not feel comfortable comparing the effects of the controls on explosions, deaths, or injuries.
In this section, the committee presents the results of the analytical exercise, which illustrates one possible approach to examining, qualitatively, the benefits, costs, and uncertainties of strategies and the tradeoffs among them. The committee does not intend to suggest that this is the only possible approach to assessing tradeoffs or that these are the only possible strategies. However, the strategies under consideration encompass many features of control strategies that have been employed in other contexts (see Chapters 3 and 4) and could be employed in this context. Different specifications are also possible; for example, licensing or registry requirements could cover all purchasers, but set different quantity limitations for commercial and noncommercial purchases.
Similarly, the committee makes no claim to have identified all the benefits, costs, and uncertainties that could emerge from a strategy; rather, it addresses the particular types of benefits, costs, and uncertainties that came to the fore in its deliberations.
The committee assessed the strategies slightly differently, depending on whether they included a new control. The committee treated the strategies with new controls—ban, licensing, or registry—as complete packages and assessed them in terms of how they might create a pathway or elicit an outcome in relation both to current policy and to each other. The committee ranked those three strategies with respect to the benefits and costs of each, but, as noted above, it did not attempt to rank them on the basis of the uncertainties (see Appendix H).
The committee treated the BAU+ strategy less as a package and more as a compendium of measures and activities, not strictly comparable to the other three strategies. These measures could be implemented together or separately, reflecting the flexibility of the premise that policy makers could choose to forgo new controls, but still require or encourage additional outreach, training, reporting, or other efforts. Thus, the committee considered individually, and without rankings, the benefits, costs, and uncertainties of several measures and activities that could constitute elements of a BAU+ strategy.
All the assessments, including the benefit and cost rankings of the strategies with new controls, are strictly qualitative. On that basis, the committee cannot say how much better or worse one strategy might be relative to any other, only that it might be qualitatively better or worse with respect to each individual attribute.
The committee did not attempt to convert the ordinal rankings to scores because it would have needed to apply weights to each benefit and cost. It is unlikely that society would value each benefit or cost equally; moreover, the relative importance of different costs, benefits, or uncertainties could change over time.
By design, any benefits, costs, or uncertainties tied solely to a supplemental measure or activity, irrespective of the particular control, would be the same across the strategies that contain new controls, because the measures and activities are fixed across strategies. For example, the ban, licensing, and registry strategies rank equally in terms of awareness because that benefit flows largely from outreach and training, which is the same in each case.
The committee considered anticipated benefits relating to the capability to impede, deter, or reduce acquisitions of precursor chemicals for illegitimate purposes; the capability to increase awareness of chemicals, concerns, and requirements; the capability to track and correlate suspicious behavior; the capability to provide feedback on implementation; early warnings from vetting; better visibility of transactions and additional information for developing and improving policy; and noneconomic social benefits, some of which could be the same across strategies. These benefits, which include both direct and ancillary benefits, framed largely as pathways to attaining policy objectives or other outcomes, are described in Box 5-1.
Table 5-1 presents a summary of the assessment of benefits, exclusive of any offsets that might emerge from the assessment of particular uncertainties later in this chapter.
The committee ranked the ban, licensing, and registry strategies with respect to the benefits outlined in Box 5-1. The rankings depend on the type of access to precursor chemicals granted under each strategy. For a ban, only commercial purchasers would have access (denoted as C in Table 5-1). The ban would allow commercial purchases with evidence of the purchaser’s commercial status and disallow noncommercial purchases. In the case of a license, both commercial purchasers with evidence of commercial status and noncommercial purchasers holding a license would have access (denoted as C+L in Table 5-1). Finally, under the registry, commercial purchasers with evidence of commercial status and noncommercial purchasers who sign a registry and present a government-issued ID would have access (denoted as C+R in Table 5-1). Each strategy also includes outreach, training, reporting, documentation, and audits or inspections (Appendix H).
All three control strategies differentiate between commercial and noncommercial sales and treat commercial sales the same. Thus, the rankings apply only to the merits of each strategy in relation to noncommercial sales, with all else remaining the same. In reality, separating the two could require additional
credentialing for commercial entities, depending on the extent of ordinary business requirements for a commercial enterprise (operating licenses, permits, etc.), to prevent malicious actors from posing as commercial entities, as occurred in the Oslo bombing. As evidenced by the difficulties the EU has encountered (see Box 4-1), the task of separating commercial and noncommercial users can present challenges.
The strategy featuring the ban (C) might be viewed as the most restrictive of the three strategies; the licensing strategy (C+L) is in the middle; and the registry
TABLE 5-1 Strategies Ranked by Benefit Type, Excluding Uncertainties
|Capability to Impede, Deter, or Reduce Acquisitions||Capability to Increase Awareness of Chemicals, Concerns, and Requirements||Capability to Track and Correlate||Capability to Provide Feedback on Implementation||Early Warning from Vetting||Better Visibility of Transactions for Policy||Noneconomic Social Benefits|
|Most Beneficial||C||C, C+L, C+R||C+L||C, C+L, C+R||C+L||C+L||C|
NOTE: C, C+L, and C+R correspond to three different strategies, featuring a ban, licensing, and a registry, respectively, on noncommercial purchases. For additional details, see text and Table H-1 (Appendix H).
strategy (C+R) is the least restrictive. Thus, the strategy with the ban (C) would rank highest for capability to impede, deter, or reduce acquisitions and for noneconomic social benefits, if stringency conveys perceptions of security, and the strategy with the registry (C+R) would rank lowest.
Looking only at the benefits shown in Table 5-1, the licensing strategy (C+L) dominates the registry strategy (C+R), but the relative position of the ban strategy (C) is ambiguous; in some instances, the ban strategy ranks above the licensing or registry strategies and, in others, it ranks below them. The differences hinge largely on the relative stringency of the strategies, as noted above, on noneconomic social benefits, and on flows of information.
The strategy featuring the ban (C) ranks last in terms of both capability to track and correlate and better visibility of transactions. For these benefits, the results depend on the quantity and quality of information that a control might yield, which, in turn, depends on the number of transactions associated with each strategy and the type of information collected in each transaction. Because the ban is the most restrictive control, with the fewest potential transactions, it would necessarily generate the smallest number of observations. Moreover, whatever kinds of commercial information the policy community would gain from the ban, it would also gain from licensing or a registry, because they allow the same commercial purchases as the ban, under the same conditions. In summary, the strategy with the ban would rank last for these benefits because it would provide only a subset of the information that one would expect from licensing or a registry.
Whether a strategy that features licensing would rank above or below a strategy with a registry on either tracking and correlation or visibility of transactions requires further consideration.
Regarding tracking and correlation, one might expect to see the most transactions under the least stringent form of control (the registry), but the registry might not convey the best information. Licensing is almost certain to provide better information about legal transactions than a registry and, in these contexts, the quality of information matters. Licensing requires vetting beyond that required to obtain a typical government-issued ID and thus will provide more insight to the background of the purchaser and, possibly, the nature of the transaction. The committee chose to rank the licensing strategy ahead of the registry strategy because, in its view, a smaller number of observations with additional relevant details could be more useful analytically than a larger number of observations that lack those details.
With regard to transaction visibility, the difference between licensing and a registry might depend partly on whether licensees must provide a justification for their license applications. If a licensee must provide a statement of need (e.g., use in a particular hobby) to obtain a license and if the transaction record includes the license number, then each transaction can be tracked to a need. However, the committee warns against overreaching for data. Relevant details come at a price to both the provider and the collector, and the more details that
a program demands from participants, the costlier it might become to implement and administer.
The benefits relating to awareness and feedback are the same across strategies, because each strategy includes the same provisions for outreach, training, and audits and inspections; however, the benefits of vetting apply only to licensing, because it is the only control that requires vetting.
Table 5-2 presents a summary of the assessment of costs, exclusive of any losses that might emerge from the assessment of particular uncertainties later in this chapter. The first three costs are direct costs, whereas the last four are rank-able, unintended consequences. Looking only at the costs shown in Table 5-2, none of the strategies clearly dominates any other.
The committee considered anticipated costs relating to public-sector expenditures on administration and implementation; public-sector expenditures on law enforcement; private-sector expenditures on administration and implementation; forgone sales and surplus; forgone use and surplus; additional transaction time; and noneconomic social costs. These costs, which include both direct costs and unintended consequences, are presented in Box 5-2.
The public- and private-sector costs of administering, implementing, and enforcing each strategy should be about the same in terms of the commercial component (i.e., the requirement for evidence of commercial status). Thus, any differences in these costs, by strategy, would reside in the additional requirements that would accompany licensing or a registry.
The strategy featuring the ban on noncommercial purchases (C) looks best in terms of expenditures on administration, implementation, and law enforcement, but shows relatively poorly in terms of forgone sales, forgone use, and noneconomic social costs. The ban has the fewest program features and, thus, should be the least costly to carry out; however, because of its relative stringency, it is expected to have the most noticeable effect on sales. If (1) all three strategies result in the same number of commercial transactions because the requirements for commercial sales are the same, (2) the ban results in the fewest noncommercial transactions, and (3) the registry results in the most, then it seems plausible that the ban would entail the largest losses of producer and consumer surplus and the registry would entail the smallest. Similarly, the public might feel most constrained under a ban and least constrained under a registry requirement, resulting in noneconomic social costs related to the losses of personal or societal freedom.235
A strategy with licensing might incur the highest administration and implementation costs because issuing licenses (application and approval) and collecting and analyzing license-related data would absorb additional resources. However, the distribution of those costs to the public or private sector would differ, depend-
TABLE 5-2 Strategies Ranked by Cost Type, Excluding Uncertainties
|Administration and Implementation (Public)||Law Enforcement||Administration and Implementation (Private)||Forgone Sales and Surplus||Forgone Use and Surplus||Additional Transaction Time||Noneconomic Social Costs|
NOTE: C, C+L, and C+R correspond to three different strategies, featuring a ban, licensing, and a registry, respectively, on noncommercial purchases. For additional details, see text and Table H-1 (Appendix H).
ing on whether licensing fees covered some of those activities. Licensing, unlike a ban or registry, might also entail outreach and training on the license.
In the case of law enforcement, the rankings of the strategies depend largely on differences in opportunities for fraud, resulting from differences in credential requirements and numbers of transactions. (This assessment assumes that the potential for theft and loss are about the same across options and that a federal hotline continues to handle some or most concerns about suspicious behavior, but not necessarily all.) Strategies that feature licensing or a registry are likely to present more opportunities for fraud than a strategy with a ban because they require a credential. Lacking evidence on whether fraud would be more likely with licensing or a registry, the committee assumed that attempts to deceive—and detection—would be equally likely in either case. Thus, the ranking (C+R > C+L) assumes that a registry elicits more transactions than licensing and, as a consequence, generates a larger number of calls to police.
Similarly, the ranking for transaction time (C+R > C+L) depends primarily on the relative number of transactions, but the registry might also be costlier because it requires not only the presentation of a credential, but also a signature.
The committee explored separately the potential for noncompliance among retailers, institutional amnesia and employee turnover, outright circumvention, unintended knowledge transfer, displacement, over-implementation, commercial disruption, and discriminatory profiling as relative unknowns that could affect the benefits and costs of controls. Had these consequences been less uncertain, they would have been incorporated into the foregoing benefit and cost assessments as either offsets to benefits or additional costs. Specifically, noncompliance, institutional amnesia and employee turnover, outright circumvention, unintended knowledge transfer, and displacement would have been handled as offsets to benefits; over-implementation, commercial disruption, and discriminatory profiling might be handled as additional costs, though OMB suggests treating all unintended consequences as benefit offsets. These uncertainties are described in Box 5-3.
The committee could not rank the control strategies for each type of uncertainty because of the complexity of the task and a lack of evidence. Nevertheless, the committee offers these observations on the potential tradeoffs among the strategies in this domain.
First, it seems plausible that concerns about circumvention, on the one hand, and displacement and commercial disruption, on the other, would be inverted; in particular, circumvention might be of least concern for a strategy with a ban and of most concern for a strategy with a registry, while concerns about displacement and commercial disruption might be highest for a ban and lowest for a registry, at least insomuch as probability is a focal point of concern (see equations in Appendix B). As a matter of logic, the control that is most stringent and least
susceptible to circumvention (specifically, the ban on noncommercial sales) might also be most likely to engender displacement and disrupt commerce, by giving terrorists a reason to try working with other chemicals or pursue other modes of attack, and by preventing legitimate sales and use, respectively.
Second, it is possible that concerns of retailer noncompliance, distinct from outright circumvention, would increase with complexity and administrative costliness, in which case the strategy that is easiest to implement might be the least likely to result in noncompliance. On that basis, a ban, which might be the least cumbersome of the three controls, might result in less retailer noncompliance than either licensing or a registry; however, the ranking would depend ultimately on the point of failure and its cause, for example, transaction time, implementation costs, or other factors.
Third, concerns about over-implementation might differ for commercial and noncommercial purchasers. For a commercial purchaser, a ban on noncommercial sales might be the most worrisome control and the registry the least, not because bans are more likely to result in more over-implementation than registries, but because the consequences could be more serious. In the case of a registry, a retailer might needlessly request a signature and ID, but the request would not necessarily block the sale; however, in the case of a ban the retailer might flatly—and inappropriately—deny the sale. Under the ban, noncommercial purchasers do not face concerns about over-implementation, because they are not eligible to purchase precursor chemicals in the first place, but both the licensing and registry requirement could result in excessive denials, for example, if retailers reject valid licenses or IDs. There might be more purchases under a registry than with licenses and, hence, more opportunity for denials, but whether retailers are more or less likely to reject a license or a government-issued ID is an open question; thus, the committee has no basis for distinguishing between the two controls.
Fourth, any of the strategies could lead to discriminatory profiling, because retailers have a right to refuse sales, whether they are noncommercial or commercial, if they encounter suspicious behavior. A retailer might, however, use the authority to turn away a legitimate buyer based on the retailer’s own biases. Two potential differences are that a strategy that features a registry might entail (1) more transactions and, thus, present more opportunities for profiling than a strategy that features either a ban or licensing and (2) a softer requirement for noncommercial purchasers and, thus, leave more room for subjectivity, which might also allow more profiling.
Fifth, the committee found no basis for distinguishing among the strategies with regard to concerns about institutional amnesia, employee turnover, or inadvertent knowledge transfer.
The committee also considered several measures and activities that could accompany existing controls as elements of a BAU+ strategy and operate under legal mandates or through voluntary participation, with varying degrees of government and industry involvement and oversight. Specifically, it looked separately at opportunities for outreach; training and reporting on suspicious behavior, theft, and loss; documenting transactions with electronic record keeping; and auditing with mystery shopping, partnered with training, reporting, or other measures. As noted previously, the committee also considered cautionary labeling, but did not include the measure in any of the strategies, including BAU+, because of concerns about unintentional knowledge transfer.
The results of the committee’s assessments, which are presented under BAU+ in Table H-1, suggest that some gains in security and improvements in flows of information are possible without a ban, licensing, or a registry, but that BAU+ would still entail costs and uncertainties. For example, training and reporting on suspicious behavior, fraud, theft, and loss could create better awareness of chemicals, concerns, and implementation mechanisms and requirements; a capability to deter and reduce illegitimate acquisitions; a capability to track and correlate suspicious activity and investigate incidents; better visibility of retail-level transactions for developing and implementing policy; and some noneconomic social benefits. However, it would also entail public- and private-sector costs of administration and implementation, including data intake and analysis, and, to a lesser extent, many of the same kinds of uncertainties as the three strategies with new controls.
At the start of this chapter, the committee indicated that it would consider tradeoffs among control strategies in relation to three policy objectives, namely restricting malicious actors’ access to precursor chemicals, gathering information that could be used to prevent future attacks or investigate prior attacks, and minimizing burdens on industry, commerce, and legitimate users. The foregoing assessments illustrate just one possible approach to comparing strategies; nevertheless, they shed light on potential economic and noneconomic tradeoffs and the conditions that might affect them. The committee was able to rank the strategies in terms of individual benefit and cost attributes, but it cannot say how much more or less beneficial or costly one strategy is relative to the next; moreover, the final standing of the strategies would depend partly on whether and how uncertainties enter the assessment.
The tradeoffs among benefits, without yet considering the cost categories or uncertainties, are reasonably clear (Table 5-3). The strategy that features a registry never surpasses the strategy that features licensing for any of the anticipated benefits, thus leaving policy makers to consider the relative merits of licensing
TABLE 5-3 Control Strategy Rankings by Benefit
NOTE: Summary of rankings of strategies with new controls by benefit type (not including costs and uncertainties). First is best or most beneficial, and third is worst or least beneficial. The order of the benefits within each rank (first, second, or third) has no analytical significance.
and a ban. Generally speaking, the ban would block more sales and, thus, looks better as an impediment to access, whereas licensing would allow more sales and, thus, looks better as a source of information, especially with vetting for licenses. However, upon introducing the committee’s observations on the uncertainties, the tradeoffs in benefits become murkier. A strategy that features a ban might be less likely to result in noncompliance or circumvention than one that features licensing, but it might be more likely to yield displacement. Terrorists who cannot obtain precursor chemicals could opt for more or less damaging modes of attack; if the former, the control could make matters worse. Even if the new mode is no worse than the old, it is possible (as might be said of the pseudoephedrine example described in Box 3-2) to solve the immediate problem, in this case, access, without solving the ultimate problem, terrorism, and to incur considerable cost in the process.
The comparison of costs is less clear (see Table 5-4). The strategy that features the ban ranks best on expenditures for implementation, administration, and enforcement and on transaction time, but ranks worst, because of its stringency, on forgone sales, forgone use, and noneconomic social costs. In addition, the potential for commercial disruption—which bears directly on sales and use—might increase with stringency, which would reinforce the negative results, whereas the potential for over-implementation could push in either direction, depending on commercial status. Licensing occupies the middle ground on enforcement expenditures, forgone sales, forgone use, noneconomic social costs, and transaction time, but ranks poorly on implementation and administration expenditures. The strategy that features the registry ranks best on forgone sales, forgone use, and noneconomic social costs; it occupies the middle ground on expenditures for implementation and administration; and it ranks worst for
TABLE 5-4 Control Strategy Rankings by Cost
|Rank of Strategy by Cost|
NOTE: Summary of rankings of strategies with new controls by cost type (not including benefits and uncertainties). First is the least costly, and third is the most costly. The order of the costs within each rank (first, second, or third) has no analytical significance.
transaction time and enforcement expenditures. Cost by cost, the strategy that features the registry ranks somewhat better than the strategy that features licensing in most, but not all, regards.
Among the three control strategies, the assessment suggests a tradeoff between cost types: The strategies that rank well on the direct costs (expenditures on implementation, administration, and enforcement) rank less well on the unintended consequences (forgone sales, forgone use, noneconomic social costs, and transaction time), and vice versa.
Overall, the assessment of benefits, costs, and uncertainties suggests that the benefits of stringency might come at the price of lost economic surplus to both sellers and buyers, noneconomic social costs, displacement, and commercial disruption. As OMB instructs (see Appendix G), a good regulatory analysis must consider ancillary benefits, unintended consequences, and what the committee refers to as uncertainties.231 To choose a strategy, the policy community would need to flesh out the details of each strategy and, to the extent possible, put numbers into the analysis.
Finally, whether a measure or activity is mandatory or voluntary might affect the likelihood of a retailer’s compliance and, hence, the efficacy of any strategy. If a measure or activity is mandatory—required under federal, state, or local law or ordinance—compliance incentives could flow from threats of fines or imprisonment as well as concerns about market responses, moral culpability, and liability. By contrast, a voluntary program would not a convey a statutory threat, but concerns about market responses, moral culpability, and liability would persist. A retailer might not want to be seen as a business that enables terrorism or to learn
that it has enabled terrorism, if it might lose sales from reputational damage, do harm to others, or bear financial responsibility.
In addition, an active trade association—for example, one that offers outreach, training, reporting, or other programs—can introduce reinforcing incentives to a voluntary program. For example, trade associations can and have conditioned membership and benefits on compliance, highlighted members’ accomplishments, issued public reports on members’ performance, and adopted other tactics that shine light on members’ behavior (Chapter 3). Still, a mandatory measure or activity, under force of law, is likely to carry more weight than a voluntary measure or activity.
Thus far, this chapter has set aside some of the practical concerns raised in other chapters that could be relevant to the assessments at hand. In Chapter 4, the committee presented evidence from the European Union (EU),191 United Kingdom, and elsewhere on implementation challenges that relate to market breadth and reach, customer identification, and harmonization. Although the EU has not yet accumulated enough experience to allow the committee to speak definitively to these challenges, it has accumulated enough experience to suggest implications for U.S. policy makers.
The EU and EU member states (MS) have had difficulty reaching all retail outlets because precursor chemicals are constituents of wide-ranging, broadly distributed products that are sold at brick-and-mortar outlets and online. Although European officials have been working with trade associations and engaging with internet retailers to address potential vulnerabilities, it might not be possible to reach everyone or address all the gaps fully. The United States presents a similar retail landscape, so similar problems can be expected. Moreover, as noted in Chapter 4, European officials have faced difficulty distinguishing between commercial and noncommercial purchasers and also between eligibility and need. If U.S. policy makers were to attempt to distinguish between commercial and noncommercial purchasers, they would need to carefully consider means of implementation.
Harmonization is, perhaps, more complicated. The European legislation, albeit applicable to all EU MS and thus “harmonized” as an overarching regulatory framework, provides the states with considerable flexibility by leaving open decisions about how to restrict the general public’s access to certain precursor chemicals, be it through a ban, licensing, or a registry. At present, most of the 28 EU MS have complied with the legislation, but they have done so differently and without reciprocity, which has presented challenges for business seeking to engage in interstate commerce and might create opportunities for terrorists to game regulations across EU MS.
Policy makers in the United States might face similar concerns about ju-
risdictional difference, both in contemplating federal, state, or local controls and in developing or encouraging related mandatory or voluntary measures and activities. For example, several states already restrict access to ammonium nitrate (AN), but they do so by different means. The committee did not conduct a thorough review of legislation across states, but did observe a lack of uniformity in state law. Evidence obtained from a regulatory body in one state suggests that differences in states’ rules might lead to confusion among AN distributors, retailers, and purchasers that could interfere with commerce—across or within states—and undermine one or another state’s efforts to mitigate risks. The evidence, both foreign and domestic, suggests a potential role for national coordination, if not federal legislation, as a matter of commerce and security.
The committee offers three final comments on policy design and analysis: more specifically, on providing flexibility to leverage experience, on harvesting lessons-learned to leverage experience, and on the need for future analytical efforts.
First, experience that is fed back into policy design and implementation can be used to improve both of these dimensions of policy, but only if policy makers can revisit or even re-craft some aspects of whatever control strategies they choose initially. They cannot leverage the experience if the strategies are unalterable. Each of the foregoing control strategies is defined generally and can be amended insomuch as policy makers can add or subtract precursor chemicals, as they have in Europe (Chapter 4); can curb or extend provisions to cover a smaller or larger slice of society, as the EU is contemplating; and can add or subtract supplemental measures and activities. The previous Academies’ study suggested shifting from one level of stringency to another with changes in the policy environment, but wholesale adjustments might be difficult, in practice.14 It could, however, be easier to shift from a less stringent set of requirements to a more stringent set in response to a change in circumstances.
Second, as a related matter, policy makers cannot leverage experience if they cannot harvest it through evaluation or other means. Developing metrics, measures, or other tools to assess the effectiveness of a control strategy that is already in place presents methodological and practical challenges much like those of retrospective regulatory assessment (Appendix G). For example, it might be difficult to separate the effects of a control strategy from the effects of everything else that is happening in a particular environment, in part because little is known about the underlying risks and data are scarce or sensitive. A terrorist event might not occur because a control strategy worked, because such events rarely occur in any case, or because the terrorists chose a different course of action.
Notwithstanding the analytical challenges, the policy community could take a step toward evaluation by reviewing program implementation, treating the EU’s experience with its control strategy as a test case, and, potentially, experimenting with a broader range of methodologies. Program participation rates and results from audits and inspections, including mystery shopping, can be used, for exam-
ple, to review the extent to which controls, measures, and activities are up-and-running and how they are playing out, at least administratively. Moreover, the EU’s continuing experience with bans, licensing, and registration might provide fertile ground for an analysis of those types of controls. As time passes, it might be possible to learn more about what is or is not working in the EU, the related costs and unintended consequences, and the applicability of lessons learned to U.S. policy making. Obviously, the EU and United States face substantially different threats and differ in many social, political, and economic regards, but it might still be possible to learn from the EU’s experience.
In addition, it might be possible to make better—or additional—use of data on terrorist episodes, not only for purposes of regulatory impact assessments, but also for conducting other types of supporting analyses.236,237 Approaches might include, for example, applications of fault trees and dynamic behavioral models that can provide insight to terrorists’ and others’ responses to policy and threats. Even if some data must be held closely because of their sensitivity, data still can be used in rigorous analyses that are subject to peer review, criticism, and scrutiny, in accordance with appropriate restrictions on handling and distribution. Work to address the limitations of current analytical methods (Appendix G) could, eventually, help to support a more complete assessment of possible controls.
Third, this report constitutes a starting point, not an ending point, for analyzing possible control strategies. Whereas this report sets out an analytical framework and draws insight from a notional, qualitative assessment of benefits, costs, and uncertainties, a full consideration of specific regulatory or other actions would require more time, data, industry participation, and specificity, including a clear articulation of the structure and content of proposed regulatory or other actions. With more deliberative thinking now, the policy community might avoid the pitfalls of intuitive thinking later.