The provision of security in an of itself is relative to a number of uncontrollable elements.
Differing airports in different continents, countries, regions and cities have different opinions of security. What is enough? When have we gone too far? Is it reasonable that the US expects more of everyone than they expect of themselves and each other? Of the entities and people involved in providing security, how are they trained, managed, audited and evolved? These are not difficult conversations. They are exercises in brain-altering tedium.
Let's look at domestic US expectations of airport security as a first-order requirement. No shoes while going through the personal scanner. No liquids from outside other than N(oz.) bottles and clear baggies. No jackets, over-shirts or secondary layers obfuscating physical form. Obviously, no weapons or weapon-like materials. All technology must be out. Everything that you can't wear through the doorway body-scanner must go through the x-ray conveyor belt. Pat-downs, scanning wands, questions and visual scrutiny. Provide your boarding pass. Try not to look suspicious. Sometimes dog checks, swab tests or boot the hardware tests. Argue about anything at all and receive an unsolicited pat-down that is currently challenged by some travellers as intimidation tactic and molestation. Domestic vendors are required to behave accordingly, as are airport staff at all levels. Adherence to process is an inviolable expectation.
Let's look at US expectations placed upon the international community facilitating transport TO the US as a second-order requirement. The communicated expectations delivered by the United States to the international entities is most likely consistent with currently practiced US domestic policy. However, the application is relative to the second-order vendor. For example, "no shoes" in the US is ordinarily translated as "no shoes" to be worn through the scanner. However, "no shoes" is relative to interpretation by international practitioners of security who have different context. Sandals are a good example. To remove or not to remove. In a remote African airport, I didn't need to take off my water sandals (Keen). In the US, of course I did. Is this variability on the part of US international policy or is this variation at the second-order actor level such as international airports and/or security teams? Bags were sometimes viewed, sometimes not. Contents were sometimes assessed, sometimes not. Bells going off with doorway scanners were sometimes acknowledged, sometimes ignored with a simple explanation without verification.
If US international policy variability explains the differences in the security practices of international actors, then this oscillation suggests it is easier to breach US security from afar than domestically. Furthermore, conditionally discontiguous US policy is not successfully manageable with any realm of predictability and communicates mixed messages to actor entities and individuals. We all know that personal interpretation of IF-THEN decisions is often relative to the person. So it is with actor entities. And in terms of predictable, repeatable results it is not in the best interest of the US to have conditional security policy. It must be the same expectation, message and method domestically and internationally to glean same results. A next question through may be, while the US can request it, can it be enforced usefully on non-US soil?
If individual airport or airport personnel variability explains the differences in security practices, how are security behaviors communicated, taught, regulated, audited and evolved across all airports serving US interests? Other countries do not share all US values. How do we instill continuity internationally to people who don't care about the same things? If one person comes to work in a bad mood and doesn't care about the job, on top of not caring about US security expectations, there is nothing the US can do about it. Frankly, in some countries, people would like to see American planes and assets blown up. How does one regulate responsibility on foreign soil predictably? While incentive per actor may be relative, implementation of security policy must not be so. As a result, along with incentive must come the right for policy, procedure and training definition, as well as, controls, audit and change mechanisms. Admittedly, second-order actors in any situation are always more challenging to solicit behavior and result consistent with first-order expectations. It is a fact. The US is forced to accept that second-order actors, though incentives, regulations and expectations are clearly communicated, represent a second-level of security only and must be complimented and/or supplemented as perceived necessary across time.
This then gives the US two levels of security screening for entry into the United States. Level 01 provided at second-order actors internationally. Less than the US has implemented, though important. And Level 00 provided by the United States itself on home ground at international points of entry. These are only two levels of dragnets in the larger system employed to catch potential threats to US security. The challenges of course include applying common sense, non-fear-based solutions that do not violate personal freedoms in the name of security, as well as, managing the large-system flow of human traffic and process by employing non-intrusive, efficient solutions. Right now, US security policy complexity and demands exceed current technology solution accessibility and employment. Resultantly, stop-gap implementations are very organically focused (security guards) which creates personal intrusion, bottle-necked, expensive wait (waste) states in the supply/delivery chain. In other words, the US has implemented a very complex security paradigm that it cannot manage efficiently in any other manner than to be highly waste-ridden which translates to high-expenditures, high frustrations and high probabilities of confrontation between those employed to do work, those providing products and services, and those paying to get from point A to point B. Benjamin Franklin is documented as saying, "They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." He is also documented as saying, "Where liberty is, there is my country." Now, how is the US going to eliminate, mitigate and manage risk to borders and assets while being fiscally responsible and respecting the constitutional rights of domestic and international citizenry? To explore possibilities, we'll look at some logistical math influencing the process complexity of implementing strict security policies.
I recall a conference talk where the speaker stated that a truly effective security system needed to be as complex as the system it was protecting, to the same order.
ReplyDeleteWhether I truly follow that, I dont know. Security as a secondary or reactionary approach that is built in as an add-on isn't good security in my opinion. Security = Managing, Mitigating, and removing Risk. It's a wholistic mindset that is hinged in systems thinking and the desires to see your system safe and successful.
The air transportation system had to adjust their methods as a reaction to exploitation by hijackers. This was new to the US (even to other actors hijackings were mire common and they seem better adjusted, such as Israel and the IDF).
What I'm saying is that we're building a system to compensate for a strong lack of security while trying to get other actors to conform. What do other actors view as a violation of personal freedoms? When speaking of freedoms versus being secure, we have a massive philosophical and practical debate on what is security, what is personal freedom, how much should we expect? For the sake of your article it was good to abstract them, but it's the first thing that comes to mind.
Personally I feel Americans live with too much of a false sense of security (I'm an american). 9/11 was a testament to the fact that no one expected devastation on such a level or that it could happen to US.
I'm an advocate of privacy and personal freedoms, however it is hard for me to imagine what I feel is a highly secure (and flow optimized/streamlined) system that does not step across many lines of "freedoms" and privacy.
Looking forward to your next post. AR