- GAO spotlights access, perimeter problems
- At long last, better EDS machines?
- Opt-out guidelines leave much to be desired
- TSA conflict of interest issue won't go away
- News Notes
The General Accounting Office's June report on airport perimeters and access control (www.gao.gov/cgi-bin/getrpt?GAO-04-728) makes for grim reading. As it lays out in great detail, nearly three years after enactment of the Aviation & Transportation Security Act (ATSA), adequately protecting commercial aircraft from bad guys serving as airport vendors or ramp workers remains the stepchild of the Transportation Security Administration.
In part this failing reflects the divided nature of airport security, for which Congress itself is responsible. As GAO points out, ATSA gave TSA direct responsibility for providing passenger and baggage screening services, but gave it regulatory authority over airport operators' efforts to control access to secure areas and protect airport perimeters. Divided responsibility was a bad idea then in principle, and the GAO report makes clear that it's a bad idea in practice.
Over and over again the report faults the TSA for not following various mandates in ATSA, such as giving airports recommendations on access control technologies within six months of the Act's passage and developing a 12-month deployment strategy for commercially available technology for these purposes as the largest and busiest airports. It has not implemented an ATSA mandate that all airport workers in 'sterile' (past the checkpoints) areas of terminals get security training. It has not required airport vendors with access to aircraft on the tarmac to develop security programs. Overall, GAO concluded that, "TSA has not yet determined how it will address the resource, regulatory, and operational challenges of dealing with the security weaknesses of airports, prioritizing the funding of improvements, or reducing the risks posed by airport workers."
To be sure, just because Congress included a mandate in ATSA does not mean that mandate was wise or cost-effective. But rather than making ad-hoc deviations from such mandates, TSA (and parent Department of Homeland Security) leaders should be proposing constructive alternatives to Congress. If they really went back to first principles, TSA management should argue for a fundamental change of focus in its mission. Recognizing that divided security is inherently problematical, they should support something like the European model, in which unified airport security is the responsibility of each airport's management, and the federal role is refocused on oversight. Today's TSA has 45,000 screening staff, performing direct security operations at about 450 airports. But its regulatory inspection staff totals just 358 people (well under even the 639 authorized by DHS). And this is to oversee 450 commercial airports at which a million airport and vendor employees have access either to the aircraft areas (900,000) or the secure areas of the terminals (100,000). If TSA were refocused as a security research, policy-making, and regulatory agency, the vast majority of its screeners could be transferred to the airports or certified contractors. But some would remain at TSA to greatly beef up its inspection staff.
Think about it: unified security at each airport (the buck stops there!) and greatly strengthened arms-length oversight. That should produce much better security than we have today at airports.
Back in 2002, as airports and the TSA were gearing up to meet the congressional mandate for "100% explosive detection screening" of all checked luggage, the airport directors at Denver and Jacksonville pinned their hopes on a technology from Europe called multi-view tomography (MVT). Unlike the rotating X-ray technology used in the only two TSA-certified EDS machines (from InVision and L-3), MVT involves three to five fixed X-ray sources that take a multiple-view scan of the bag. The advantage is a much faster throughput of bags -- up to 1,800 per hour, eight to ten times as much as today's EDS machines. But despite MVT's certification by a number of European governments, its principal manufacturer, Heimann Systems of Germany, was unable to get it through the TSA approval process in 2002.
Fast-forward two years, to summer 2004. Heimann has been acquired by London-based Smiths Group, as part of its Smiths Detection Inc. division, based in New Jersey. Its latest MVT, now called Smiths EDTS, is in use at airports in Berlin, Dusseldorf, and Frankfurt, Germany; Paris (Charles deGaulle), London Heathrow, Glasgow, and other airports in Italy, Serbia, and Sweden. In June, Smiths conducted a three-week pilot program checking Amtrak baggage at Union Station in Washington, DC. And it is now in testing at the FAA Technical Center in Atlantic City, for possible TSA certification for airport use. If this machine can win TSA certification, it will be a god-send for hard-pressed airport directors trying to afford to replace lobby EDS installations with automated in-line installations, out of sight in baggage-processing areas. Even if its throughput rate is only five times that of existing EDS machines, that would still mean one machine doing the work of five - and thereby taking up only 20% as much space and requiring only 20% as much investment.
Just switching to automated, in-line EDS with the existing slow machines speeds up bag processing and can reduce screener staffing by 25 to 50%. Think how much more the productivity gains would be from going to a much faster machine. And since TSA is supposedly cross-training baggage and passenger screeners, freeing up half or two-thirds of the baggage screeners to staff the checkpoints should do wonders for the hour-long lines plaguing many large airports this summer.
Despite a lot of weeping and wailing in the media and some quarters in Congress about the "arbitrary" limit of 45,000 TSA screeners, there would be no shortage of checkpoint staff if the agency were going all-out to modernize the technology used in baggage screening. Only a handful of airports have been funded to convert from lobby-based, manually loaded EDS to in-line systems, and it's anybody's guess how many months (or years) it will take to get a faster machine certified. So don't expect any relief this summer.
Last month the TSA issued its long-awaited guidelines to implement the provisions of ATSA that allow all airports to request permission to opt out of TSA-provided passenger and baggage screening as of this November. Both TSA and House Aviation Subcommittee chairman John Mica keep repeating the estimate that 25% of all commercial airports may apply. But after reading the guidelines and listening to airport director comments, I'm not so sure.
First, the good news. In the guidelines, TSA acknowledges that its centralized hiring and training of screeners is a problem. Not only is it running a pilot program at Boston Logan to test a more decentralized approach, but it expects that such decisions will be made locally by opt-out airports. Secondly, it promises to give airport directors serious input into the process of selecting a screening contractor for their airport. And third, it is willing to let airports themselves be the security contractor (a model that has been tested over the past two years by the Jackson Hole, WY airport).
But as many airport directors have been quick to point out, the guidelines inadequately address their three most important concerns regarding potential improvements from opting out:
- Workload. TSA will still divvy up its screening staff budget among airports once a year, leaving the opt-out airports with the same dilemma they have today. With airline service increasing and decreasing throughout the year, only by coincidence will they have a good match between staff numbers and screening demand. Far better would be a new formula recomputed each month for all 450 airports. That would let the (more flexible) private contractors ramp-up or ramp-down their work forces, accordingly, which would give airports that opt out very tangible improvements in service.
- Liability. Under the Safety Act of 2002, companies providing "qualified anti-terrorism technologies" get limited liability protection. Since ours is a service economy, the same protection ought to be extended to companies providing anti-terrorism services, such as airport screening. If TSA cannot make this determination, it should ask Congress to explicitly do so to help make opt-out a viable program.
- Control. The opt-out program offers TSA the opportunity to put in place and gain experience with the European model of airport security, under which the implementation responsibility is delegated to each airport, under strong federal oversight. Under a revised opt-out model, the airport director would select the best security contractor (from a list of those meeting TSA standards), subject to final sign-off by the TSA's Federal Security Director (FSD) for that airport. The screening contractor would then report to the airport director, just as do other airport security staff dealing with functions such as access and perimeter control. All such security functions would be under the regulatory supervision of the FSD.
Apart from (perhaps) the liability issues, these revisions appear to be within TSA's purview in interpreting the opt-out language of the ATSA legislation. According to Airport Security Report (7-14-04), "TSA considers the program guidance a work-in-progress and will continue to release further directions on the program." Airport directors favoring these suggestions should let TSA and their trade associations know.
Quite a few news articles crossed my desk over the past four weeks in which TSA screeners were the focal point. Articles in the Wall Street Journal and Los Angeles Daily News identified passenger complaints about stolen or damaged items from checked baggage as the number one air traveler complaint about security and noted that TSA gets complaints at nearly three times the rate of the airlines. Several stories at the end of June reported screener firings over theft from checked luggage: 4 canned at Ft. Lauderdale International and 13 at New Orleans International. Other stories reported allegations by screeners in Buffalo, Houston, LaGuardia, and Tampa that they were ordered to let unscreened bags through, so as not to delay flights.
In the Houston case, the AP story reported that two internal investigations "found no evidence that unscreened luggage was loaded onto passenger jets." So, I guess that settles it, right? Not quite. Note that these were investigations internal to TSA itself. When a government agency is charged with serious misconduct, should we really be satisfied that it gives itself a clean bill of health? There are two problems with this picture. One is perception: the whole idea of "federalization" was to give the public warm fuzzy feelings of safety, because our government was in charge. But if TSA is perceived to be covering up its failings, what happens to those warm fuzzy feelings?
Even worse, what if it's more than just a problem of perception? There is a natural tendency in all large bureaucratic organizations (public and private) to defend themselves, and always a temptation to cover up embarrassing lapses. That's why we often design institutions with arms-length watchdogs, rather than letting the watchdogs watch themselves.
All of which is to say, one more time, that combining the provision of security services with the regulation of security is a built-in conflict of interest. Congress created that conflict, and it's incumbent on Congress to fix this mistake.
Delta Offering Self-Defense Training. Amid calls by the Association of Flight Attendants for security training, Delta in May announced a new voluntary self-defense training course for its 14,000 flight attendants. AFA president Patricia Friend told a Senate committee in June that most flight attendants are still being trained to cooperate with hijackers. TSA, meanwhile, is revising a basic cabin crew training curriculum previously given to the airlines.
Airborne Suicide Bomb Threat Finally Gains Attention. The TSA is under way with a 30 to 45-day trial of explosive-detection portals aimed at detecting explosive particles on the person of a passenger going through screening. The devices, called IonTrack and made by General Electric, will be tested at up to five airports around the country. The passenger must remain in the portal for several seconds while a quick blast of air is analyzed for traces of explosive particles.
TSA as Airline Re-Regulator? Eyebrows were raised in June when newspapers reported that the TSA "tried to block JetBlue's expansion into Mineta San Jose International Airport and warned airport officials that its passenger and baggage security system won't be able to handle any significant expansion." (San Jose Business Journal, 6-14-04). Rep. Mike Honda (D, CA) quickly raised the alarm, and a TSA spokesman equally quickly backpedaled. And JetBlue remained undaunted. The airport has 285-290 full-time equivalent screeners, compared with 434 authorized by TSA.
Secondary Cockpit Door. The vulnerability of airliner cockpits when the door is open for meal-service or bathroom breaks was noted in a previous issue of this newsletter, as was airline pilot Bob Semprini's design for a secondary door that could seal off the cockpit area when the primary door needs to be opened during flight. On July 9th, Rep. Steve Israel introduced a bill to require the FAA to require the installation of such doors on all commercial airliners. I'm glad to see the problem getting attention, but it would be far more appropriate to require a study of costs versus benefits before issuing yet another mandate.