Several news stories have addressed concerns about lost and stolen airport ID badges.
Before everyone goes nuts about this issue, particularly politicians and TSA, let’s realize a few facts about airport security badges. This isn’t like losing the key to your house with your address printed on it.
First, the vast majority of missing badges are LOST, not STOLEN. There’s not some widespread airport security badge theft conspiracy going on. I worry more about some ISIS inspired American citizen without a criminal history getting a job at an airport, but I’ve written on that subject before so let’s stay on point.
Usually when a badge is stolen, it’s because it was in the employee’s car or wallet or purse, that was stolen, not because someone wanted to access the airport with it.
Second, you need two things to get through most airport security doors, the badge and either a unique PIN code or a biometric, such as your fingerprint or hand. In some airports, you need all three – a badge, a PIN and a biometric, although biometrics in airport access control systems are not presently required by TSA.
So, if you get your hands on an airport ID badge, unless you also know the employee’s unique PIN code, you’re unlikely to access a door to a security area. It’s like having the front side of one’s credit card information but still needing the security code on the back to make a purchase.
Individuals with employee badges are responsible for reporting when the badge is lost or stolen to the airport operator, who can then immediately shut down that cards’ ability to access anything at the airport, and will also trigger an alarm if someone tries to use it. Unfortunately, employees don’t always immediately know when they’ve lost their ID as it may be a few days before they are heading back to work. In the meantime, anyone whose found it and tries to use it must still know the employee’s PIN to get the badge to work.
Also, many of the “missing badges” are badges that have expired (they do have expiration dates printed on the front of every one) and not turned back in. This is like finding a credit card after it’s expiration date. The badge is no longer “visually valid.”
There is still the chance that an individual can take an expired badge and jump the perimeter fence or try to sneak through an opened door that an employee has accessed (known as piggybacking and every employee is required to watch for it) and walk around in the security areas with that expired badge – honestly, unless you’re watching carefully, few people will notice, provided you’re also wearing attire that typically is worn on the ramp or in the security area, and you look like you belong. But, this tactic requires you to breach at least two or possibly three layers of security. Not saying it’s impossible of course, as TSA and airport security inspectors will often test employees by wearing the wrong badge or an expired badge, but just saying its harder.
Now, here’s what I LIKE about this story. It calls attention to aviation security. The theft of airline uniforms, badges, other identification is never a good thing, and we need to remember why, 14 years ago, we decided to take aviation security seriously. I’m seeing to many articles and stories where people are getting tired of aviation security measures and not taking it as seriously as they should. Writing on aviation security history for so many years, it’s easy to see the trend – every time there’s a tragedy, we take a bunch of measures, then the farther away we move from the tragedy, the more we slack off. . . then we’re shocked when someone attacks the system again.
That said, I still would like to see biometrics made a required component of airport access control systems – that just makes it more difficult on the bad guys and reduces the consequences of lost and stolen badges.
As someone who works at BOS, I second the notion that biometrics be required.
Patrick, I’ve heard from some of my industry associates on this as well, and they say it’s going to cost billions. But, I say, pay it now in the form of biometrics, or pay it later with legislation and knee-jerk regulations. At least with biometric integration now, you can plan for it, budget for it, and implement it properly, rather than rushing something into place to meet a future security directive.