False choice. I choose neither.

Now to the main topic ...

If TSA were to really employ a risk based model, statistically speaking, the greatest risk is significantly higher for trusted insiders than outsiders. The agency I work for get this, and spends significantly more resources on protecting against internal threats. This is despite everyone in the facility having very high level clearances after very thorough vetting. Information access is limited by the "need to know" principle and it's enforced on many levels.

That doesn't mean the outsider threat is ignored - it clearly isn't. Measures are taken to mitigate those risks too. However, much more emphasis is placed where it belongs.

TSA has already shown that the greatest threats we face are from the inside. Drug dealers, gun runners, thieves, sexual predators (and no, I'm not talking about those working the checkpoint but ones actually charged and arrested), convicted felons, and more have been found to be working at TSA. Yet these guys are given a pass because they've had a minimal background check.

TSA does not understand what risk analysis is and how to mitigate it. It only knows a way to try to avoid it or find a way to ignore risks that it'd rather not deal with - like the insider threat. It doesn't surprise me in the least that we see significantly more breaches resulting from inside TSA than we see from pax causing them. That's statistically how it works and how it has played out over the last several years.

If TSA were to truly implement a risk management approach, it would pretty much require a drastic overhaul of not only the equipment it uses, but also how it does business. I don't see any of that happening anytime soon. The only real way to do that would be to dismantle it and start all over again. It's been 10 years and it's deeply ingrained in the culture. That isn't going to be fixed.

Super