In a speech to the Chartered Institute of Logistics and Transport in London Sir Martin Broughton, launched a scathing attack on the current “one-size fits all” system of security checks at airports which, according to the chairman of British Airways, treat a Yemeni student in the same way as an airline pilot. Sir Martin argues for a more “risk-based” approach which would make more use of passenger profiling. The speech is reproduced in full below:
Overcoat off, jacket off, laptops out, liquids in special plastic display bag, belt off, shoes off, jewellery off. Juggle all items into trays and onto x-ray belt together with hand luggage. Then reassemble on the other side, having been intimately hand-searched in the meanwhile just because you left a 50p coin in your pocket by mistake.
Sounds familiar? Welcome to Security at Airport International.
It’s summed up in the story of the woman in O’Hare flying to Omaha. She’s in a long line at security checkpoint for Concourse B waiting forever. By the time she finally gets to the head of the queue it’s clear she will miss her flight if it takes off on schedule.
The security guard looks at her ticket and says “I’m sorry Ma’am but you’ve got a problem here”
“Yes”, she sighs, “it looks like I won’t make the flight to Omaha”
“No” says the guard, “this is the line for missing the flight to Houston. The line for missing your flight to Omaha is at Concourse C”.
Annoying though the whole airport security process might be – and I can promise you from comments from our customers it is intensely annoying for many of them – the key questions to ask are:-
Does it work? Is it all necessary? Are there more effective ways of achieving security?
And most important of all: can we improve the level of security while operating in a more passenger-friendly way?
The last point is critical. This is not a plea for reduced levels of security. It’s a plea for better security – and paying more heed to the needs of the aviation customer. These two aims are perfectly compatible.
Where to start?
It would help to take a holistic look at security.
The current procedures have grown Topsy-like, with each new procedure being super-imposed on the existing structure every time there is a new security incident. Every time, it’s a procedure to stop a repeat of what has already been attempted rather than a programme to prevent the next new attempt by terrorists.
We need to be using data better – data that we and Governments have.
Positive data – for example, people who have been security cleared
Negative data – for example, Government watchlists and other data that points to reasoned selection.
In other words – a risk-based approach to security rather than a one-size-fits-all based approach.
Let me give you an example. Let’s start with the Trusted Traveller Programme.
I remember leading a delegation some five years’ ago in discussions with Michael Chertoff, then Secretary of Homeland Security about a Trusted Traveller Programme.
Chertoff talked a good story. He spoke about easing the frustrations of the consumer and the need to keep passenger traffic flowing.
In practice he did little. He promised to engage with the international aviation industry but never followed through. Perhaps he was too busy building his 700 mile fence along the Mexican border.
It became evident that zero security incidents in the US was the only priority and the passenger didn’t really enter the equation.
In this regard, things have moved ahead slightly since Janet Napolitano came into office.
The Global Entry System is now in operation at 20 US airports and is being gradually opened to non-US citizens.
It’s designed for frequent travellers.
For $100 you can obtain 5 year membership, through an interview, a security check and the use of biometric information – and then enter the US through automated kiosks.
It’s a start – but only a start.
It’s the immigration bit. And to eliminate the immigration queues in America for $100 must be good value.
But if these are trusted travellers, don’t they deserve a trusted traveller security regime as well? That’s not to say zero security checks but a kind of “security light” approach.
Perhaps on a green light/red light random buzzer approach like Customs use at some airports.
This wouldn’t just ease the passage for frequent flyers – just as importantly it would allow security staff to focus more time on non-frequent passengers.
At International Airlines Group we have some 55 million passenger journeys a year, made by some 15 million individual passengers. Of those passengers, only 10% are what we term “Active Frequent Fliers” and even within them, the 80:20 rule applies.
So a relatively small number of people do a disproportionate amount of flying but are not currently treated differently for security purposes. They should be – to the benefit of all.
That’s one example of risk management. Some people like to use a different word to describe risk management. It is Profiling, which some people regard as a pejorative term.
It is alleged to carry discriminatory overtones.
Such concerns are misplaced, and completely miss the point.
We’re talking about a No 1 objective here – better security.
There is absolutely no reason why security that is better can’t also be more customer-friendly.
Making everybody suffer inconvenience in the name of uniformity doesn’t make any sense at all – and reduces the quality of security by dissipating resources.
The long wait at Miami security is tough for 5 year olds, so to keep her son from causing a disturbance a mother decides to distract him with a civics lesson.
“Johnny, do you know what’s special about America?”
“No” Johnny responds
“Well, in America, everyone is free to do what they like, go where they like, own whatever they want – do anything except hurt other people”.
Little Johnny looked ahead at the people being searched by the airport security guards and says “I think I want to go to America then”.
Let’s take a different area of customs and border control responsibility – the illegal importation of drugs.
Customs pay much more attention to flights coming in from Jamaica than from Saudi Arabia, for example in their search for illegal drugs.
Because history shows that’s where drugs come in from. It’s simple risk assessment.
Is it sensible?
Is it selective? Yes. And it is selection based on evidence of risk.
It is also a far better use of resources than the one-size-fits-all approach.
Now let’s go back to security.
Is it sensible to run exactly the same security checks on pilots – each and every time they fly – as, for example, a Yemeni student?
Hands up all those that believe the Captain and the Yemeni student should be treated identically.
Doesn’t look like there are many people here from TRANSEC then, as they do believe the Captain and the Yemeni student should be treated identically.
Surely the flight crew need to be the ultimate trusted traveller. Let’s face it, they don’t need a bottle of hydrogen peroxide to do their damage if that’s what they were intent on.
Surely crew – flight crew and cabin crew – should be subjected to a lighter security regime thus releasing resources for higher risk passengers.
Another aspect is predictability.
I know passengers wonder why they sometimes have to take shoes off and sometimes not, for example. But that is sensible. Unpredictability can create difficulties for the would-be terrorist.
Do we need to do every check on every passenger? Different security lanes doing different checks could be constructive. Terrorists wouldn’t know which check would be done on them and would need to plan for every eventuality, whereas the specific process for individual passengers could be speeded up.
Deliberate unpredictability is not the same as bureaucratic inconsistency.
So it would be useful if there was more international agreement on precise security requirements.
For example, the difference between the UK and the European baseline (eg Germany and Netherlands) consists of 168 pages of UK regulation including 200 additional “More Stringent Measures”.
It’s hard to see how the rest of Europe can have got it so wrong!
Many of the differences are trivial – so why have them?
For example, a slightly higher random percentage of passenger hand search.
Then there are further differences between Europe and the US.
The US also makes specific demands of other countries on inbound flights.
If every country followed suit, requiring additional measures from all other countries for inbound flights, the number of permutations would be impossible to manage.
On a recent flight to the US, one of the members of the British Airways Board was selected for additional screening.
Let me make it clear, passengers selected for additional screening on flights from the UK to the US are selected by the TSA (Transport Security Administration), not by UK authorities.
So, if you get picked out – you know why!
She was in good company – well-known celebrities such as Henry Kissinger also get picked out, as do a number of infants.
Doesn’t sound like risk-based selection to me.
Interestingly, although the US requires secondary search on exit as well – it only happens to about 5% of the number selected on inbound flights. So you can see a strong focus on inbound passengers.
But since UK and the European Commission already have robust security measures – including random secondary search – why are European airlines told by the US to carry out additional screening to their requirements as well?
Of course different security models apply.
In the US, the TSA is not only the Regulator but also the service provider.
This explains why the TSA place lower requirements on themselves than they do on others.
They seem to have forgotten that the 9/11 assault was entirely internal with no foreigners entering the country.
In Germany, the security is carried out by the Federal Police who do what the German Government require.
In the UK the airport operator provides security as directed by TRANSEC.
Under ICAO, security is a Host State responsibility and in Germany airlines are not required by their Government to put in additional security at the behest of the TSA. Indeed in Germany it is illegal for the airlines to carry out security checks as it is the Governments responsibility.
Hence, if the German authorities don’t require it, it’s not done.
Here, if the TSA wants something different from the TRANSEC requirement the airline has to meet both.
I urge the Commission and European Governments to represent the interests of our passengers and be more forceful in the way they deal with overseas Governments.
More parochially, I can’t understand why a passenger who has safely flown into the UK can’t be allowed to fly out again on a transit basis without further screening.
Although the UK government says they are more concerned with the threat on inbound flights (just like the Americans it seems) they also want to add a small number of checks on exit.
So UK operators have to repeat 100% of the screening as we’re not allowed to just do the additional checks.
In any other industry, such duplication would be considered a scandalous waste of time and effort.
It also increases the minimum connection times, thus making Heathrow and UK plc less competitive against European counterparts.
We need multi-lateral agreements that recognise the equivalent of other countries’ whole security regimes rather than trying to match each security measure piece by piece.
Technology should be used to expedite the process as well as improve security.
In practice, there is little incentive to invest in technology.
Let me give you an example.
On equipping T5, BAA invested significant amounts of money in advanced cabin baggage x-ray machines – ones that can view from two directions.
As a result, passengers were allowed an 18 month trial period to keep laptops inside their bags.
The result was successful, with improved convenience and equivalent detection capability.
What happened when the trial concluded?
The UK Government didn’t vigorously support a change in regulation to allow laptops to stay in bags where suitable technology was in place, while other Governments opposed the change. We do not know the reasons for their opposition. But they carried the day – so the investment in better technology was to no avail.
Let’s just spend a moment on a new technology which is getting a lot of coverage at the moment – the bodyscanner.
Most of the coverage focuses on the intimacy aspects of the bodyscanner but I’d like to focus on the security and the efficiency aspects.
Bodyscanners are certainly a useful addition to security systems, but they have certain limitations which makes them unsuitable for screening large numbers of passengers.
The privacy concerns can be answered by use of Automatic Target Recognition (ATR). This means that only a computer sees the image.
Unfortunately, however, current ATR systems identify too many innocuous items they think are a threat, such as watches. This slows the whole process down and means the use of such bodyscanners takes longer than traditional methods and is of greater inconvenience to passengers.
In time, it should be possible to perfect such ATR systems to speed up the process but these are not yet available, hence human manning of the screens.
Until ATR systems have been improved they are unlikely to be universally deployed for cultural reasons – for example it is difficult to see them in widespread use in the Middle East.
But they do provide good mitigation for the non-metallic threat – which is after all the name of the game we’re in now.
So, as of now, we would support further development of the technology as fundamentally, bodyscanners do represent a suitable additional weapon in the security armoury and would fit well with a proper risk based approach so that they could be used sparingly on targets that are higher rated risks.
I recognise that pilots in the US have been very vocal in their opposition to the use of bodyscanners whereas BALPA in the UK have been more constructive in their criticism. But frankly, in a risk based systems these checks would not be applied to the pilot community in any event.
It all reminds me of the actuary who was caught by a bodyscanner trying to take a bomb on board a plane. When questioned as to his motives he said “I’ve always been frightened about air travel and the risk of terrorists. But then I stopped and worked it out. Do you realise what the odds are against there being two people on the same plane carrying a bomb?”
I’ve concentrated on passenger and passenger convenience, but there are also important security issues in cargo.
Until very recently, the UK cargo regime was recognised by the US due to the high security regime in place. We were one of a handful of countries that do not need to comply with the US “Model Security Programme”.
A new Emergency Amendment issued on March 4th for implementation March 10th – just 6 days later – required the UK to comply with parts of the Model programme previously exempt.
I won’t bore you with the detail but essentially it means 100% re-screening of all cargo being on-shipped to the US, irrespective of whether it has been received from a Regulated Agent or Known Consignor.
It requires that screening be done using TSA approved equipment.
Let’s just think about this requirement for a moment.
First – it is daft to require screening to cargo after it has flown. It needs to be secure from its first point of uplift.
Second – it means the purchase of additional equipment, which will take months, not 6 days. In that respect we have now been granted a 45-day extension but that hardly changes the point. It simply demonstrates recognition of the lack of thought that went into the Emergency Amendment
Third – it needs additional resource both in terms of manpower and space. Breaking down cargo, re-screening and then rebuilding is resource-hungry work. Not to mention hygiene and theft risk issues.
Fourth – it’s a complete waste of time, money and effort, being duplicative of screening processes already carried out.
Lastly – you might wonder whether rescreening is necessary within the US on transfer cargo – and of course you will understand that no, none of these requirements are considered necessary in the United States.
Nothing new there then
So let’s just recap.
I have avoided giving any views on the merits of any individual screening issues, such as the completely redundant demand to remove iPads from bags which has zero security benefit.
Or the intimate body searches taking place.
Rather, I have tried to focus on the bigger picture.
The US Travel Association recently issued an excellent report on improving security at America’s airports. The panel of experts included Tom Ridge, the first Homeland Security Secretary.
Their report endorses much of what I have said today and I will read to you one specific quote which sums it up for me.
“The country that put a man on the moon, invented the internet and creates daily innovations in manufacturing can and must do better in screening passengers and improving our air travel experience. Air travel is the gateway to commerce and an improved experience is directly tied to job creation and a stronger economy”.
Yes, we can do better – and not just in the US.
As I have set out today, there are several ways forward that will lead to improvement.
It needs us:-
a) to take an holistic look at security
b) to take a risk-based approach to security rather than a one-size-fits-all approach
c) to operate in unpredictable ways
d) to have multilateral agreements on what constitutes a good security regime and mutual recognition of such regimes
e) to recognise we have domestically-based terrorists as well as foreign-based terrorists and therefore require the same standards at home as we do for inbound traffic
f) to encourage investment in technology that speeds up the security process.
At the outset, I asked the question: can we improve the level of aviation security while operating in a more passenger-friendly way?
The answer is: yes, very definitely, we can.
Thank-you all very much for listening.