It's hard to fathom now, but we used to be able to arrive at the airport just minutes before a flight. We'd keep our shoes and coats on as we went through a simple metal detector, and virtually anyone could go right to the gate without a boarding pass or even showing an ID.
The 19 al-Qaida-affiliated terrorists who hijacked four commercial jetliners on Sept. 11, 2001, knew that and exploited lax airport security measures, strolling through metal detectors at four airport security checkpoints with ease, with deadly weapons in hand. This allowed the hijackers to commandeer those airplanes and use them as jet fuel-filled missiles as they flew them into the twin towers of the World Trade Center, the Pentagon and a field in Shanksville, Pa., killing nearly 3,000 people.
"It was so easy — a lot of us were surprised it hadn't happened sooner," says Jeff Price, who was assistant security director at Denver International Airport on Sept. 11, 2001, and is now an aviation security expert at Metropolitan State University of Denver.
Airport security at that time was carried out by private contractors, usually hired by the airlines, with few federal standards. Those security contracts usually went to the lowest bidder.
"Before 9/11, security was almost invisible, and it was really designed to be that way," Price says. "It was designed to be something in the background that really wasn't that noticeable and definitely did not interfere with aircraft or airport operations."
"You could walk up to the gate at the very last minute. You did not have to have a boarding pass," Price says. "All you had to do was go through the security checkpoint — no questions asked, no ID needed."
That forever changed on Tuesday, Sept. 11, 2001.
Now, travelers often stand in long lines at security checkpoints with wait times that can exceed an hour. We take off our shoes, empty our pockets and take laptops and other devices out of carry-on bags before stepping into high-resolution, full-body scanners, while our bags go through 3D-imaging X-ray machines. And don't forget to take your liquids of 3.4 ounces or less out of your carry-on.
Some of us enroll in known- or trusted-traveler programs such as PreCheck, surrendering some of our privacy in an effort to have a smoother expedited screening process.
Aviation security experts acknowledge that prior to 9/11, no one envisioned suicide terrorists wanting to use commercial airplanes as weapons and being willing to kill themselves in order to kill hundreds of innocent people.
Now, counterterrorism and homeland security officials in the federal government work to imagine the unimaginable and enhance defenses to prevent the ever-changing and growing threats to aviation security.
Here's a look at how airport security has evolved over the past 20 years.
Sept. 11, 2001: Terrorists hijack and crash four passenger jets
The 19 hijackers checked in for their flights at the airport in Portland, Maine, at Boston's Logan International Airport, at Liberty International Airport in Newark, N.J., and at Dulles International Airport in the Washington, D.C., area.
When Mohamed Atta checked in at the Portland airport with a fellow hijacker for their short flight to Boston, he was selected for additional scrutiny under what was then known as CAPPS (Computer Assisted Passenger Prescreening System). But according to The 9/11 Commission Report, "Under security rules in place at the time, the only consequence of Atta's selection by CAPPS was that his checked bags were held off the plane until it was confirmed that he had boarded the aircraft. This did not hinder Atta's plans."
Several of the other hijackers were flagged by CAPPS at the other airports, but none was questioned and they were allowed to board in the same way Atta was — without much additional scrutiny. As they strolled through metal detectors at the airports, a couple of the hijackers set off alarms, but they were quickly cleared and sent on their way after going through a second metal detector or being scanned by a hand-held wand. It's not clear what exactly set off the alarms, but according to The 9/11 Commission Report, the hijackers used knives and/or razor blades in their attacks, which they likely had on them or in their carry-on bags. Even if those weapons were detected, it wouldn't have mattered.
"The FAA allowed knives of up to 4 inches in length on board an aircraft," says Price, the aviation security expert. "So even if the hijackers would have been caught with their knives prior to boarding the plane, the screeners would have handed it right back to them. "By 8:00 A.M. on the morning of Tuesday, September 11, 2001, they had defeated all the security layers that America's civil aviation security system then had in place to prevent a hijacking," The 9/11 Commission Report states.
September and October 2001: enhanced airport security, fewer Americans flying, longer wait times in airport security lines
After the planes hit the twin towers and the Pentagon, the Federal Aviation Administration immediately ordered all remaining commercial aircraft still in the air to land at the nearest available airport. All flights remained grounded until Sept. 14. But when air travel did resume, very few Americans were willing to fly. Nonetheless, in the days and weeks after the stunning terrorist attacks, airport security immediately intensified.
Armed National Guard soldiers joined local and state police in some cities to help patrol airports and screen travelers. Knives, box cutters, razors and other types of blades were banned, and the list of other items prohibited on aircraft grew significantly.
Airport security officers began searching through carry-on bags and patting down passengers, and that, according to Price, is when wait times in airport security lines started to grow longer, even though few Americans were flying. He says authorities were "slowing down the lines at the checkpoint to do a more thorough search of passengers and baggage."
November 2001: The Aviation and Transportation Security Act creates the TSA; checked baggage screened by X-rays
Congress passed and President George W. Bush signed the law that would create the Transportation Security Administration, which would become part of the newly created Cabinet-level Department of Homeland Security.
In addition to creating the TSA, the Aviation and Transportation Security Act required 100% of all checked baggage to be screened by X-rays, the Federal Air Marshal Service was expanded to put more armed air marshals on many more flights, and the law required airlines to reinforce cockpit doors on their aircraft to prevent attackers from entering.
The law also mandated that the TSA oversee security for all modes of transportation, such as passenger rail (including Amtrak) and intercity bus travel. Experts say the TSA was a major step forward in improving security.
December 2001: the shoe bomber and how shoe removal at airport security checkpoints started
On Dec. 22, 2001, on an American Airlines flight from Paris to Miami, British-born terrorist Richard Reid tried to detonate explosives that he had packed in his shoes. Passengers subdued and restrained Reid as the flight was diverted to Boston, the closest airport.
Investigators later said that Reid had enough explosive material to blow a hole in the fuselage of the plane, but that rainy weather and Reid's foot perspiration made the fuse too damp to ignite. Reid pleaded guilty to eight terrorism-related charges in October 2002 and was sentenced to three consecutive life sentences and 110 years, with no possibility of parole. The incident led to the TSA and airlines asking passengers to voluntarily remove their shoes when going through screening at airport security checkpoints.
December 2002: deploying explosives detection systems, very detailed 3D images
The TSA meets the mandate to screen 100% of all checked luggage by deploying machines that can scan bags for explosives and other dangerous weapons in every airport in the country.
The technology used in these screening systems has improved greatly over the intervening years, according to Deb Scovel, a TSA baggage and checkpoint supervisor at Chicago O'Hare International Airport, who says today's X-ray scanners are similar to CT scanners used in hospitals.
"The X-rays take images of it from all sides," says Scovel, "so it does an all-around picture of whatever goes inside so you see it from every point of view." She says the 3D images are so detailed that "I can tell you the difference between Irish Spring and Dove soap — yes, I can. And officers that have been here a while can do the same thing. You can tell the difference between an Apple and a Dell laptop; they're very detailed."
April 2003: Pilots start to carry firearms on board flights, and other cockpit protections
The first pilots certified under a voluntary program allowing them to carry handguns were on board flights. Bush signed the Arming Pilots Against Terrorism Act into law in November 2002, and the TSA began training flight deck personnel on how to use firearms on board, if needed, soon after.
Also in April 2003, the TSA announced that all airlines had met the requirement to reinforce cockpit doors on their entire fleets of planes.
Pilots and their unions continue to push for additional cockpit barriers and fortifications to protect them from possible attacks from outside the cockpit.
August 2006: liquids banned, shoe removal mandated and more air marshals added
British authorities disrupted a terrorist plot to detonate liquid explosives on board 10 commercial aircrafts bound from London to various cities in the U.S. and Canada. U.K. prosecutors alleged the would-be bombers prepared to disguise the explosives as soft drinks in 500-milliliter branded plastic bottles.
As a result, the TSA banned all liquids, gels and aerosols from passenger carry-on luggage.
A month later, in September 2006, the TSA lifted the ban on liquids and amended its rule to allow airline passengers to carry liquids, gels and aerosols in containers of only 3.4 ounces or less in a single, clear, resealable 1-quart plastic bag that had to be removed from carry-on baggage when going through security screening.
August 2006 is also when the TSA began to require that all travelers remove their shoes so footwear could be screened for explosives at airport security checkpoints.
The TSA also began deploying more federal air marshals, including on international flights.
March 2008: Canine units join airport security forces
Although bomb-sniffing dogs were already being used in a limited capacity as part of transportation security, the TSA began deploying canine teams to specifically aid in the screening of cargo loaded onto passenger aircraft at U.S. airports.
The program later expanded to use dogs to detect possible explosive materials on passengers and in checked and carry-on baggage.
December 2009: the "underwear bomber" and the installation of full-body scanners
On Christmas Day 2009 on board a Northwest Airlines flight from Amsterdam to Detroit, al-Qaida extremist Umar Farouk Abdulmutallab tried to detonate an improvised explosive device that he had hidden in his underwear.
Abdulmutallab later told FBI agents that he had been following the jetliner's flight path on his seat back's screen, as he wanted to blow up the plane over U.S. soil. Inside his briefs, he had explosive chemicals that would ignite when mixed. After going into the plane's lavatory to make final preparations, he returned to his seat and pushed a plunger to mix the chemicals.
But the volatile mix didn't explode as he intended, possibly because of excess moisture after the chemicals were inside his pants for so long. The mixture only caught fire, seriously burning Abdulmutallab, who tried to get his burning pants off before fellow passengers and crew members subdued him.
Abdulmutallab later pleaded guilty and was sentenced to life in prison.
In response to the failed attack in which a terrorist was able to sneak dangerous explosives through security, in March 2010 the TSA began installing hundreds of full-body scanners that used advanced imaging technology.
By the end of 2010, approximately 500 such machines were deployed nationwide.
December 2011: TSA PreCheck begins, vetted travelers pay to go through shorter security lines
With hundreds of millions of travelers passing through the TSA's airport security checkpoints each year, the agency wanted a better way to discern who was and who wasn't a serious threat. So it started its known- and trusted-traveler PreCheck program to provide expedited screening for those willing to pay for it and undergo a more detailed background check.
The TSA says it makes risk assessments about passengers prior to their arrival at airport checkpoints via these thorough background checks. Vetted travelers pay $85 for a five-year membership and get to go through a shorter security line where they no longer have to remove shoes and belts.
The TSA, meanwhile, says it is able to focus resources on more high-risk and unknown passengers.
June 2015: TSA flunks undercover tests
The TSA's inspector general reported that 95% of the time, TSA officers failed to detect weapons, explosives and other prohibited items that undercover agents smuggled through various airport security checkpoints.
The astronomically high failure rate led to the reassignment of Melvin Carraway, who was then the TSA's acting director. It also prompted significant changes in TSA training and procedures, including enhanced screening and increased random searches.
March and June 2016: attack outside Turkish airport security perimeter, concerns about soft targets
In June 2016, three suicide bombers who had been turned away at an airport security checkpoint opened fire with semiautomatic weapons before detonating explosive belts at Ataturk Airport's international terminal in Istanbul, killing themselves and 45 other people, while injuring more than 200.
That deadly assault followed a similar coordinated terrorist attack just three months earlier that killed 32 people and injured more than 300 at an airport terminal and subway station in Brussels. The incidents raised concerns about what security experts call soft targets — the areas outside the hard security perimeter where large groups of people wait at baggage claim, line up at check-in counters and kiosks or queue up to go through security checkpoints.
Some critics, including counterterrorism expert Tom Mockaitis at Chicago's DePaul University, say it exposes a flawed approach to security.
"I've seen, in this country, us waste literally millions of dollars on what I call placebo security — highly visual measures like armed guards strutting up and down in our airports, you know, creating a feeling of well-being and a feeling of security without providing any real added benefit," Mockaitis told NPR in July 2016.
March 2017: the laptop ban
The Trump administration, citing threats gathered from credible intelligence sources, prohibited travelers from certain countries from bringing laptops, tablets and other large electronic devices into the cabin on commercial flights to the United States.
John Kelly, secretary of homeland security at the time, said the intelligence indicated that terrorists were developing bombs powerful enough to bring down an airplane but small enough to be hidden inside those devices. The laptop ban affected travelers from 10 airports in eight countries with majority-Muslim populations.
"We didn't feel at the time that overseas airports had the kind of security initially that could give me a comfort that they could detect this device, the airports in those countries," Kelly said a couple of months after the ban was imposed.
The laptop ban was lifted in July 2017.
June 2017: facial recognition, biometric screening and privacy concerns
In 2017, some airlines, in collaboration with the TSA, began trials of facial recognition software that allows passengers' faces to be their boarding passes.
The system takes a photo and matches it with one on file with the airlines, speeding up the passenger-screening process and providing greater customer convenience. And because users of the system must be enrolled in the federal government's known-traveler program, it provides an extra layer of security.
But this and other biometric-screening methods, which could allow the government to track your whereabouts at home and abroad, raise significant privacy concerns, as NPR's Asma Khalid reported.
Aviation security experts say the TSA's efforts to expand the use of facial recognition and biometric screening was significantly delayed by the COVID-19 pandemic but could begin to ramp up again in the next couple of years.
September 2021: still room for improvement but layers of hard and soft security
TSA officials say aviation security continues to evolve to address ever-changing threats, with a layered approach that involves surveillance, intelligence and technology. The agency has 65,000 employees and spends billions of dollars each year in an effort to stay one step ahead of potential foreign and domestic terrorists.
"People are very creative. The threats are very creative," says Louis Traverzo, the TSA's deputy federal security director. He adds: "It's up to us to anticipate that, and it's up to us to look at those things and try to come up with ideas to counter methods" that terrorists may come up with.
There hasn't been a successful attack against commercial aviation in the U.S. in the 20 years since 9/11, and outside experts agree that while there is still room for improvement, the TSA has been effective in preventing another terrorist attack.
A previous version of this story mistakenly said hundreds of millions of travelers pass through the Transportation Security Administration's airport security checkpoints each day. Those numbers pass through each year.