Imagine clearing airport security in a reasonable amount of time, without the hassle of removing your shoes and avoiding the tedious task of taking your laptop out of its case and heaving it into a bin for inspection. Instead of suffering through a process that causes constant trepidation, you emerge from security screening with minimal inconvenience and your dignity intact.
For the last two years IATA has been working to make that scenario a reality through its ambitious scheme dubbed Checkpoint of the Future (COF) unveiled in 2011. COF’s goal is to create a security framework that moves away from a one-size-fits-all approach to procedures built on a risk-management approach supported by optimising and enhancing technology, improving data management, and using biometric identification and behavioural analysis to strengthen security screening, increase check-point operational efficiency and improve the passenger experience at screening checkpoints.
During the 12 years after the September 2011 terrorist attacks irreversibly altered the approach governments take to managing threats to aviation security, passengers have been subjected to increasingly wearisome and intrusive screening requirements ranging from the aforementioned shoe removal to restrictions on liquids in carry-ons and the unpopular X-ray scanners that were eventually yanked from service.
The growing discontent is evident in IATA’s 2012 global passenger survey in which travellers stated the most frustrating element of the security screening process is queuing time, followed by the removal of shoes and belts. “Our collective failure to get full buy-in from air travellers means that they are not partners in the process, merely silent and sometimes intimidated and resentful participants,” says IATA director general and CEO Tony Tyler.
Passenger angst only stands to be compounded by significant increases in air traffic. Tyler remarks that more than 3 billion passengers will travel by air during 2013– roughly double the number of customers taking to the skies during 2001. “All forecasts point to another doubling by 2030”, he declares. IATA’s chief also repeatedly takes any opportunity to stress how cumbersome processes have slowed screening throughput. Prior to September 2011 the average checkpoint processed 350 passengers per hour. “Today it is below 150,” says Tyler.
A ROADMAP TO SANITY
IATA’s proposal for improving the screening process rests on using various methods to place passengers in one of three categories for screening – know traveller, normal and enhanced risk.
The association envisions its Checkpoint of the Future reaching fruition in 2020, but has laid a roadmap to conduct various trials that began in 2012 and continue into this year. Starting in 2014 IATA’s scheme entails using some new procedures to introduce risk-based screening and repurposing some existing equipment to improve screening procedures.
The next milestone occurs in 2017 when the association envisions international cooperation and recognition of known traveller programmes, covert and overt behaviour analysis techniques and passenger information units designed to analyse passenger data and other inputs as part of determining an overall risk assessment. During that time IATA aims to debut separate “known traveller” queues featuring biometric identity authentication. By 2020 the association hopes its vision of a seamless trip through security without interruption will be realised supported by known traveller programmes and differentiated checkpoint screening across multiple countries.
Part of IATA’s work to attain that lofty goal began last year as the association worked with partners to test the use of biometrics in Geneva to identify passengers before they reached a checkpoint. Tests at Geneva and London Heathrow entailed using technology to determine if a passenger’s identity could be confirmed before security, and the trials in Amsterdam used equipment to screen liquids and computers in carry-on bags.
Association head of passenger experience Paul Behan remarks the technology used in the tests performed well, and most travellers were amiable to participate in low-level trials. In some cases IATA approached passengers with a flier describing the tests and most travellers agreed to participate, Behan explains. The themes IATA gleaned from passenger feedback during the trials were quite familiar – travellers were largely supportive of any measures to improve queuing time, and technology that would alleviate the burden of divesting liquids and laptops.
This year IATA plans to trial roughly six Checkpoint of the Future components including testing alternative measures of risk assessment and behaviour analysis, improving checkpoint staffing and remote image screening. Airports that have committed to testing are Amsterdam, Heathrow and London Gatwick. Behan explains IATA hopes to partner with an airport in the Middle East for testing and possibly Sydney along with a couple of South American airports to spread out the testing globally.
Security experts and airports generally support IATA’s push for the transition of security management from blanket screening to a risk-based approach. But challenges the association faces in meeting its targeted 2020 deadline are well-documented and daunting – persuading governments to embrace mutual recognition of trusted traveller programmes as concerns over preserving private information remain strong, keeping the costs reasonable, setting realistic expectations for equipment manufacturers and gleaning an understanding of intricacies inherent in interactions between humans and technology.
“The principles [of Checkpoint of the Future] are absolutely sound,” says senior advisor to RAND Brian Jenkins, who also served on the White House Commission on Aviation Safety and Security under President Clinton. However, he believes creating a single system for global security “is going to be tough”. As a practical example he remarks that it took years for the Transportation Security Administration (TSA) to develop a “modest” PreCheck programme. “Politics gets in the way of everything”, Jenkins concludes, as advocates of civil liberties, privacy protection and labour all work to achieve their respective agendas.
The TSA’s PreCheck programme allows frequent flyers of Alaska, American, Delta, United and US Airways to undergo expedited security that offers passengers the luxury of leaving on their shoes, belts and light jackets. Travellers who enrol in PreCheck voluntarily supply additional personal information that ensures they fall into a lower-risk profile.
PreCheck is an example of IATA’s drive to created a more differentiated screening model based on varying risk levels of passengers, which is underpinned by a belief that the majority of travellers pose little risk. TSA Administrator John Pistole has set a goal that by year-end 2013 25% of passengers will undergo expedited screening as the number of airports offering PreCheck grows to 40 by December 2013.
There is some mutual recognition between the US and Canada of their respected expedited screening programmes as passengers participating in the Canadian Nexus scheme travelling on participating PreCheck airlines are eligible for expedited screening. But significant roadblocks exist in fostering that type of mutual recognition on a worldwide scale.
Governments in Europe are putting up a lot of resistance to the concept of mutual recognition as senior policy officer, counterterrorism and security, Dutch Civil Aviation Security Department, Netherlands Sander Olivier recently explained to APEX that politicians in European Parliament generally do not support expedited security lanes for lower risk passengers due to privacy concerns in collecting the necessary information to determine a traveller’s risk level.
An alternative offered by Olivier’s agency to win the backing of politicians is assessing risk based on traveller groups rather than individual passengers. As an example he concludes the threat level on a charter flight to the Bahamas is different that transatlantic service to the US.
Behan of IATA agrees some governments have firm views of the use of data in security screening as a number of states have stated they have no intention of using data outside of passenger name records (PNR) or advance passenger information (API). He explains some of the COF trials scheduled for this year are designed to look at data models to determine what is usable and available, and to examine the potential of other ways to assess risk, including behaviour analysis.
Putting Checkpoint of the Future’s concepts into practice also requires a candid assessment of the potential costs of the programme. As IATA’s chief Tyler points out, “we are spending a lot of money – some $8.4 billion a year and rising – to support a security system that has grown exponentially since 2001. And this is just what airlines spend”. In his study of Behavioural Modelling for Security in Airports (BEMOSA), disaster management expert Avi Kirschenbaum concluded: “Security costs alone already account for between 25% to 30% of total operating costs of airports, with costs rising with the introduction of even more sophisticated detection technology…”
A premise of the risk-based security management advocated by IATA, TSA and highlighted by JetBlue CEO Dave Barger is an opportunity for resource re-allocation created by classifying passengers based on risks. Barger believes that the efficiencies created by expanding a programme like PreCheck, allows for the “movement of resources into evolving technology”.
Airports Council International-North America (ACI-NA) holds a similar view as the organisation’s vice president of security and facilitation Christopher Bidwell concludes an opportunity exists for TSA to fund some other elements of risk-based security management as PreCheck allows the agency to more strategically deploy and procure the necessary technology for the next generation of security screening.
While existing equipment can be re-purposed to support some aspects featured in Checkpoint of the Future by re-writing certain algorithms, new technology is necessary to support the COF’s full-implementation by 2020. One formidable challenge that security equipment manufacturers have faced in the past is conflicting standards required by various governments. “The TSA and EU are certifying equipment under different circumstances because they’re coming from different threats,” an executive from a large security equipment manufacturer tells Airline Passenger Experience. He also highlights the various EU member states “all have their own national issues”.
A real-world example that reflects complexities of attempting to coordinate changes in screening procedures emerged last year when the UK-based Airport Operators Association and other groups successfully lobbied the EU to postpone relaxation of the carriage of duty-free liquids in hand luggage beginning in April 2013. Part of the association’s concerns stemmed from ensuring the technology was mature enough to handle screening of the liquids.
Bidwell of ACI-NA says there have been discussions among airlines, airports, manufacturers and the TSA regarding the formation of a group to hammer out the technological needs to address future screening requirements. “Just because something works well in a lab,” does not mean it can be effectively deployed in an airport environment, he explains.
As the supplier executive simply elocutes: “We need more insight.”
Demands by equipment suppliers to have a clearer set of standards from regulators are paralleled by a need to ensure a deep understanding exists of how security personnel interact with the technology they oversee. “The introduction of more sophisticated technology, while it has its place, disregards how employees and passengers behave…,” concludes Kirschenbaum. As he examined the interaction between humans and technology at the eight European airports featured in his study, often staff would allow bags to pass through even though items within the luggage set-off scanners. Those employees “used common sense” to determine the items posed no risk and ushered passengers through. “Eighty percent of employees thought that most threats were actually false alarms’, Kirschenbaum says.
The reliance on more sophisticated technology that allows passengers to “walk through a tunnel, and everything will be done to check you and make sure you don’t have this thing or that thing, it sounds great from a technological point of view”, Kirchenbaum remarks. But as security technology is based on probability, the problem of false positives is a common occurrence. Given that phenomenon Kirschenbaum envisions similar issues that are prevalent in airport security today occurring in a more risk-based environment as passengers affected by the false positives become upset. While improved technology might make throughput “a little faster… all the same problems you have today at the airport of queuing and delays will continue”, he states.
As IATA wades through the complexities of changing the fundamentals of security screening, it faces passengers and politicians who appear to “demand fast, friendly and flawless passenger screening that is 100% effective against the latest terrorist devices,” Jenkins of RAND declared in a research brief released in late 2012. “The problem is that satisfying these contradictory demands and wishes is utterly unrealistic,” he adds.
But keeping the status quo could ultimately crush already-pressured screening schemes. “I believe that the prevailing one-size-fits-all proscriptive model for security is not sustainable,” Tyler stresses. “If we don’t evolve, the system will grind to a halt under its own weight.”