> At least that racket pays the government directly.

Yes and no? Yes, it creates jobs and pays people but it isn't like funds are being used to benefit society. They aren't being used to build roads or schools. There's no evidence to show that these funds are making flights safer either. We're giving up a lot of privacy for this and even giving up more, with the real ID act and pushes for facial recognition technologies. I think a lot of people, including me, would feel better about these inconveniences and the extra money we pay for them, if there was any real evidence to suggest that they actually made us safer. But since there isn't, after two decades of data, I wouldn't blame anyone for calling it a racket (as defined above).

But on top of that, there's further rackets like what you are referring to. But the government also participates in this directly (Clear is indirect) through the TSA precheck.

A racket can have multiple levels and multiple actors.

Yes, I do not support either racket, but letting a private company insert themselves is an escalation

I don’t think there can be data

A well-run IT department will never have data that they prevent IT disasters

I'm not sure that this is true. There's two obvious ways that an IT department can measure this.

1) They can see people attacking the system. We can even often see what these people are attempting to do! A lot of security research is focused on this, figuring out what attackers are trying to do.

2) We have post hoc analysis. We can see lots of attacks and then provide an intervention and see if those decrease. Since terrorist attacks were black swan events you're right that we can't really measure the effect of TSA, but then again, do we need to address black swan events? At least we need to compare the costs and it is pretty clear that the yearly number of increased deaths due to driving alone is higher than the number of deaths from decades of terrorist attacks and hijackings.

I'd say we have pretty good data in both cases to make fairly reasonable conclusions about how effective these interventions are. There's a reason very few people question the need for an IT department. The ones that do don't question it for long after attempting to run without them.

Well I’m more talking about preventive maintenance

The act of doing your job in IT means problems never come up and you can’t really measure what didn’t happen

I think you're missing part of the equation which I addressed. The whole reason IT departments implement security measures is because prior to their implementations they would have services consistently cut off. But even today you can see people attempting to access the networks. This is definitely measurable. We can see attempts to access specific ports, scanners, DDOS attempts, and a lot more. I'm not sure why you think this can't be measured. Measuring these attempted attacks is a major part of defense and even a bigger part of defense research. We don't have the same parallel in TSA but we do have some parallels in other areas of physical security. So honestly, I don't know what you're going on about because these easily demonstrable facts. Anyone who has run a home server has experienced this.

I got this free via a credit card, and the looks I got from the line as I was personally ushered past all of them was enough to make it a one-off thing. Heh.