In the post-9/11 world, invasive, inconvenient airport security checks are a reality we’ve learned to live with. Not without grumbles, but we generally accept that removing belts and laptops is better than the alternative—being hijacked.
Given the stringent screening we go through as passengers, it’s somewhat shocking to learn how lax security is for hundreds of thousands of airport employees—employees who have access to an airport’s most sensitive areas, like the tarmac and your plane.
The United States has nearly 450 commercial airports. Big hubs, like Atlanta International Airport, can employ up to 63,000 people. JFK in New York has about 37,000 staff.
There are currently no federal laws requiring security checks for employees. Only two major U.S. airports have their workers go through metal detectors, Miami and Orlando, which was instituted after security breaches involving gun and drug smuggling.
For other airports, staff who work inside Secure Identification Display Areas (SIDA)—from baggage handlers to mechanics to cleaning crews—are either subject to no security screening at all or to random spot checks at best.
Ticking Time Bomb?
This security loophole isn’t a new problem, it’s been the case since the beginning of commercial aviation in the country, but it is a constantly ticking time bomb. Every so often, after a high-profile security breach, or several, the issue comes up for renewed scrutiny.
The biggest breach in a spate of recent incidents was the Delta baggage handler at Atlanta International Airport who was charged in a gun smuggling scheme. Eugene Harvey allegedly passed bags of guns and ammunition, including an AK-47 assault rifle, to a former baggage handler in an airport restroom. The arms, some loaded, were then carried onto commercial flights between Atlanta and New York—not once, but 17 times from May to December 2014.
In September 2014, it was learned a former airline employee who had SIDA access at Minneapolis Airport went to Syria to fight for Islamic State in Iraq and Syria (ISIS).
In December 2013, a technician at Wichita Airport was arrested for plotting a suicide attack on the tarmac, during peak holiday travel to maximize casualties, on behalf of al-Qaeda in the Arabian Peninsula.
In response to these incidents, the House Subcommittee on Transportation Security convened a hearing on airport access control measures on Feb. 3.
“[Transportation Security Administration (TSA)] spends billions of dollars every year to ensure every passenger is screened before boarding a commercial flight. … What good is all of this screening at the front door if we are not paying enough attention to the backdoor?” asked Subcommittee Chairman John Katko in his opening remarks.
One main point of discussion is whether airports need to employ 100 percent screening of staff or if random screenings are enough.
In 2008, the TSA conducted a study comparing the two approaches. Three factors were considered: effectiveness, impact on airport operations, and cost.
The results were assessed by the Homeland Security Institute, which concluded that random checks were nearly as effective as 100 percent screening, and posed fewer operational challenges.
Moreover, the price tag associated with 100 percent screening was deemed cost prohibitive. The Government Accountability Office estimated the price tag to implement 100 screening at anywhere from $5.7 billion to $14.9 billion for the first year. Meanwhile, enhanced random checks were estimated at $1.8 billion to $6.6 billion.
Considering the TSA’s entire 2014 budget was only $7.4 billion, cost is the major consideration.
Why So Expensive?
The reason for the high price tag is that 100 percent screening would require a massive redesign of each airport, since no two are identical, plus hiring tens of thousands or more TSA screening agents.
The way U.S. airports work, passengers enter through the front door so there’s a single screening channel. Employees on the other hand, come and go through a multitude of back doors. Workflows across the airport would have to be altered to allow for the necessary checkpoints.
For example, some employees pass in and out of “sterile” zones (areas past passenger security) all day. The same agent who checks you into your flight usually reappears at the gate to board you.
Emergency responders need quick access airfields and other sterile areas. Their work couldn’t be slowed down by a security check.
Some employees use prohibited items to do their work. A system would have to be created to keep track of which mechanics are allowed to possess which items. A mechanic going through a checkpoint would be searched and verified against the list. If the list isn’t kept meticulously up to date there would be slowdowns.
At the transportation security hearing, chairman Katko asked TSA acting deputy administrator Mark Hatfield if it was time to revisit the question of cost given that the last assessment was done seven years ago.
Hatfield agreed, but cautioned that the toughest challenge will be establishing a set of definitions since “screening” can mean many things.
“[T]here’s screening and there’s screening and there’s screening, and we can’t just lump it all together as though it’s a universal practice,” Hatfield said.
He mentioned that although Miami spends a reported $3 million per year on full employee screening, what they do there looks very different from what the TSA does at its visible lobby checkpoints, and different again from what happens at the random mobile screenings.
Are Random Checks Enough?
Although the TSA conducts random, popup screenings, it’s easy to argue that the current regime isn’t rigorous enough.
Hatfield told the subcommittee that the agency performed 7,234 hours worth of random physical screenings of employees with SIDA badges at the Atlanta airport in 2014—and yet a baggage handler still smuggled guns onto planes 17 times in eight months.
Since the recent breaches, the Atlanta airport has been working with TSA on an improved security plan. However, the plan won’t include 100 percent screening, according to what Atlanta’s Aviation General Manager Miguel Southwell told the subcommittee:
“We recognize that 100 percent screening of airport employees has operational and cost challenges, and is neither practical nor sustainable,” said Southwell.
Jeff Price, professor at the department of aviation and aerospace science at the Metropolitan State University of Denver and author of “Practical Aviation Security: Predicting and Preventing Future Threats,” doesn’t think 100 percent screening is the way to go either.
“One hundred percent screening is on the table every time there’s an incident. People will run a bunch of numbers and discover it will cost billions and that it won’t get much safer,” said Price.
He believes other measures can be added to random screenings to achieve the same level of security as the 100 percent option.
ID verification is one area that can be tightened up. He suggests adding biometrics to SIDA badges. This would make it harder for an employee to pass their badges to others. Some airports do this voluntarily, but it’s not a TSA mandate.
Another suggestion Price makes is to provide suspicious activity awareness training to all staff to equip them to recognize signs of a smuggler or a potentially dangerous disgruntled coworker in their midst.
Price said airlines also need to do a better job with their own internal security, considering that most smugglers have been airline employees with plane access. But since the airlines are very sensitive about who can access their aircraft, the TSA doesn’t set up checkpoints in places like maintenance areas or where baggage is handled.
“[The airlines] thought they got out of the security business after 9/11 when the TSA took over,” but they still need to play their part, said Price.
Today, to receive a SIDA badge employees are run through an FBI criminal history record check. For domestic airports there is one list of disqualifying crimes, and for international airports that list is longer and employees are also checked against other law enforcement databases, including terrorism watch lists.
However, these checks only “look back” 10 years—there are no crimes that would permanently disqualify someone from being granted secure access.
There also aren’t any ongoing police record checks after the initial vetting. So if an airport employee is convicted of a crime, say in another state or another country, or is undergoing a criminal investigation, that would fall below the radar.
Under the existing system, the industry also isn’t equipped to do random checks without collecting a new set of fingerprints to send off to the FBI.
These gaps were pointed out by Airlines for America, the country’s main airline trade association, in its submission to the DHS subcommittee. The association made recommendations including: increasing the look back period to 18 or 20 years; making it easier to check employees against the terrorist database; and requiring local law enforcement to share information with federal agencies if they are investigating an airport worker.
To those in the industry, the security gap is well known.
Katko, a former federal prosecutor with a track record for being tough on crime, appears serious about tackling the problem.
“Nearly 14 years [after 9/11], terrorists have adapted to our security protocols in ways that require us to be agile and resourceful. We cannot afford to be set in our ways and risk missing a glaring vulnerability,” Katko said.
However, we face the same issues that have always been there: the costs and complexity of closing the loopholes. But where there is a will there is a way and perhaps this round of scrutiny will yield a new way forward.