TCS Daily

Fixing Airport Security: 21st-Century Strategies for 21st-Century Threats

By Robert W. Poole - September 26, 2001 12:00 AM

The recent terrorist attacks on the Pentagon and the World Trade Center have forced us to rethink the issue of airport security. It's become quite clear that the present system is not adequate to the task. In the past few years, both the General Accounting Office and the DOT Inspector General have issued scathing reports on airport security. One FAA official told USA Today that Boston and Newark "leak like a sieve." In 1999 federal agents were able to sneak through security doors 46 times at four major airports and walk around on the tarmac or board planes unchallenged.

Thus, while all parts of the system need improving, the biggest holes in the system concern access to "secure" areas behind the scenes, not the flow of passengers through metal detectors at screening points. The new passenger-focused regulations like those announced within days of the bombings (banning remote bag check-in, keeping cars away from terminals, restricting the use of e-tickets) will do little more than add to already long delays at airports; they would have done nothing to stop the terrorists.

Instead of imposing such new burdens on passengers, a better approach is to make use of improved technology, such as the following:

  • More-sophisticated luggage-screening devices, used on every single bag.

  • New people-scanners that can detect even ceramic knives under people's clothes.

  • Biometric systems for access control to secure areas at airports, to ensure that only those individuals authorized to go there can actually do so.

  • These kinds of devices would be far more useful than today's inane security questions and more requirements for passengers to wait in long lines.

    But the most fundamental problem with airport security is its fragmentation. Security today is the joint responsibility of the FAA, airport operators, and airlines. The airlines handle the security-screening checkpoints for passengers, hiring contractors that often pay minimum wage for what is, inherently, a boring and repetitive job. Turnover in those positions is typically well above 100% per year. And control of access to secure areas is shot through with loopholes. Everybody is responsible for airport security-which means nobody is really in charge.

    In response to these problems, some have called for creating a federal security service to take over some or all of these functions. But merely changing the uniforms will not change either the nature of the work or the incentives to cut corners in the name of everyday convenience. (In fact, most federal security is also provided by relatively low-wage contract personnel.) What's needed is a single point of responsibility at each airport, held accountable for every aspect of security. That responsible and accountable party should be the airport owner/operator.

    We can see how much better this model works, because that's how it's done in Europe. London's airports, especially Heathrow, have long been extremely sensitive to the terrorist threat. Yet security there is first-rate. Airport owner/operator BAA employs all the passenger screening people itself, and pays them decent wages. Turnover, not surprisingly, is but a fraction of what is typical of U.S. airports. Some of these employees eventually move up to other positions within the company. At the London airports, every single bag is X-rayed (which has never been done for domestic flights in this country), and there is positive matching of bags with passengers (again, unheard-of in this country).

    London typifies a large-scale trend in Europe toward a more professional model of airport management. In Europe today, an airport is seen as a business: an enterprise run by qualified (and highly paid) professionals, serving a number of different customers, and expected to make a profit (and pay taxes!) by doing so. A growing number of these airports have been shifted into private ownership over the past decade. Since Margaret Thatcher converted the former British Airports Authority into the publicly traded BAA in 1987, a total of 17 U.K. airports have shifted into the private sector. On the continent, privatized airports include Athens, Copenhagen, Dusseldorf, Frankfurt, Hamburg, Naples, Rome, Turin, Vienna, and Zurich, with Amsterdam and Berlin soon to follow. In each case, the corporate model has led to more professional management and increased resources for meeting numerous customer needs-including security.

    By contrast, the United States is still stuck with the old model: the airport as a no-frills place to get people on and off planes, at the lowest possible cost. Run by civil servants, it is not expected to take (entrepreneurial) risks, or to take major responsibilities, or seek profits, but simply to do what is expected of it by the airlines and the FAA. Although there are dedicated professionals running some U.S. airports, all too often we have positions filled by political appointees like the former governor of Massachusetts' driver (who is the current chief of airport security at Boston's Logan Airport, where two of the doomed flights originated).

    Thus, one way to improve U.S. airport security is to shift from the nonprofit, bureaucratic, civil-servant model of airport management to the emerging global corporate model. An airport becomes a major business enterprise, run by world-class professionals who take on the full responsibilities of ownership, including a serious pro-active commitment to security. This does not mean that all major airports would be sold or leased to private companies. Many of the European airports now being privatized (e.g., Amsterdam, Frankfurt) have been run for years as government corporations, with one or more units of government as their shareholders. The important thing is that they were run as real businesses, controlling their assets, taking entrepreneurial risks, making profits, and paying taxes. It would not be that difficult to "corporatize" U.S. airports, and then allow their state or municipal shareholders, over time, to decide whether or not to sell shares to the public or to sell a significant stake to one of the global airport companies. Until that kind of institutional change comes about, we can take immediate measures to provide much stronger incentives for security accountability. Instead of trying to micromanage security procedures from Washington, the FAA should set forth stringent outcome-based requirements, and make each airport operator solely responsible for compliance. (That would relieve the airlines from the unwanted duty of running passenger screening and farming it out to the lowest bidder.) The FAA should carry out far more frequent security tests, on a randomized basis, like those done recently by GAO and the Inspector General's Office. Airports that flunk should face hugely increased financial penalties, and even the threat of shut-down. If the FAA can yank the operating certificate of an airline that doesn't measure up on safety compliance, why not hold airports accountable in the same way?

    Airports now run by political appointees who are not really qualified to cope with such levels of responsibility would have newly powerful incentives to make changes. They could either hire managers and staff with much greater qualifications or they could hire one of the global airport firms to manage the airport for them. Either way, responsibility and accountability for airport security would be where it belongs: with those who own and operate the airport.

    Who should pay for this beefed-up airport security? Unlike an expanded Sky Marshals program, which is clearly a law-enforcement function and is properly provided and paid for by the federal government, providing a secure airport environment is one of the responsibilities of owning and operating a large commercial property. Shopping malls and office parks are responsible for the security of their premises, building the cost into their rents. They interface with local law-enforcement personnel as needed, depending on the level of interaction needed. Airport security is no different in principle. It is the responsibility of the airport owner/operator, with suitable interfacing with local police (as is already the case at most airports).

    The costs of improved airport security will be different at every airport, depending on how much space-redesign is needed, the amount of new technology that must be added (versus what is already in place at better-run airports), etc. Thus, it is appropriate that the users of each airport bear those costs, either indirectly (via higher rent payments by the airlines using the airport) or in the form of an additional passenger facility charge (PFC) to be added to their ticket price.

    In short, we have an airport security problem for two reasons. First, none of us realized the degree of threat posed by 21st-century terrorism, so we did not make security a high enough priority. But in addition, we have less airport security than in Europe because we're still using an obsolescent model of airport management. "Federalizing" airport security is not the answer. Dramatically increasing accountability of airport owner/operators is a far better approach. It works in Europe, and it would work here, as well.

    Robert Poole, a MIT-trained engineer, is Director of Transportation Studies at the Reason Public Policy Institute in Los Angeles. Viggo Butler, the retired CEO of Lockheed Air Terminal, recently served on the FAA's Research, Engineering & Development Advisory Committee and chaired its security subcommittee.

    TCS Daily Archives