Is this any way to run an airport?Our special report on startling security breaches at U.S. airports.
Zohar Lazar

Photo id's at check-in. High-tech plastique detectors. Stepped-up canine patrols. This is the way we fly in the wake of Lockerbie and the World Trade Center bombings.

Yes, security at U.S. airports is tighter than ever. It's even a federal offense to make a wisecrack about carrying a bomb in your bag. All for good reason: the intelligence community believes that the threat of terrorist attacks against U.S. targets, including airplanes and airports, is stronger than ever. But with no recent bombings and the Y2K freak-out behind us, some travelers may have been lulled into complacency.

The past two years have been less than stellar for U.S. airport security. In May 1998, the General Accounting Office, the investigative arm of Congress, found "significant vulnerabilities" at domestic airports. Keith Fultz, an assistant comptroller general, told Congress, "Nearly every major aspect of the system . . . has weaknesses that could be exploited."

The GAO urged the Federal Aviation Administration to rapidly press forward with five initiatives recommended in 1996 by a White House Commission on Aviation Safety and Security: passenger profiling, explosives detection technologies, passenger-and-bag match, vulnerability assessment (including spot checks), and certification of screening companies.

The next year, in November 1999, the Department of Transportation's inspector general revealed alarming security lapses discovered during a routine audit of eight major airports. Unlike the GAO, the OIG (Office of the Inspector General) provided sensational specifics: OIG auditors had repeatedly bypassed airport security and sometimes even boarded planes unchallenged.

In 117 out of 173 attempts--that's nearly 7 out of 10 times--OIG auditors gained access to restricted areas. Once inside, auditors were able to board planes operated by 35 carriers--again, a total of 117 times. (The testers' methods were hardly the stuff of James Bond movies. Most often, they merely "piggybacked," or followed employees through doors, rode in unguarded elevators, walked through cargo areas, or even drove through unmanned vehicle gates.) The OIG took the FAA to task for such lax oversight, prompting an unprecedented FAA sweep of 3,000 access-control checks at 79 airports. By summer, both the FAA and the DOT were reporting tighter access controls at airports.

At least at most airports. Last August, dozens of workers from American Airlines and other companies were arrested on drug- and weapons-smuggling charges at Miami International Airport. In what appears to be a classic inside job, the smugglers stashed narcotics in food carts and wall panels aboard planes, as well as in baggage that workers picked up on their days off.

An unusual incident?Perhaps, if only because of its criminal component. Yet the OIG's access-control report had blamed airport and airline employees for the security lapses. Most of the OIG's penetrations would have been prevented had employees simply followed basic procedures, like closing doors behind themselves and checking ID's. In addition to conducting more-aggressive spot checks, the report recommended that the FAA beef up training requirements for airport and airline workers.

"The human factor is overlooked," says Stephen Luckey, a Northwestern 747 pilot and chair of the Air Line Pilots Association's national security committee. "Every individual who works in the airport, from a parking lot attendant to a pilot, should have some security awareness training." Such instruction, which should detail basic access control and other security responsibilities, is spotty at best. Some airport workers receive only a one-time video briefing, while others get no security training at all.

Aviation security has come a long way in the last two decades, particularly since the 1988 Lockerbie crash of New York-bound Pan Am Flight 103, which killed 270, including 11 on the ground, when a terrorist bomb exploded. Government and industry have invested hundreds of millions of dollars in equipment, including systems that detect explosives, and highly sensitive scanning machines for both carry-on and checked bags.

But airport security always seems to depend on, as Luckey suggests, the human element, the employees--screeners, gatekeepers, flight attendants, pilots. With that in mind, the FAA is finally coming around to proposing several new regulations, and has started conducting random tests of baggage screeners, using systems that project fictitious images in bags as they pass through the scanning machine. The FAA also wants to certify security and screening companies subcontracted by airlines and airports; firms with employees who don't meet federal standards would risk losing their certification.

Airport operators have also taken steps to enhance security. Shortly after the downing of TWA 800 over Long Island in July 1996, the Port Authority of New York and New Jersey demanded that security staff and construction workers in secure areas get Port Authority credentials, which requires an intensive background check. Even though terrorism was ultimately ruled out in the crash, the Port Authority, which runs Kennedy, La Guardia, and Newark airports as well as the World Trade Center, didn't want to take any chances: they also retained a security firm made up of former federal agents and increased canine units in the Port Authority Police.

Anybody who's scrutinized airport security has a list of recommended improvements. Harold Frank, an airport security consultant in Boca Raton, Florida, thinks U.S. airports have a long way to go to become truly secure. "I've seen people with no right to be there walk right out onto the tarmac," Frank says. He'd install more cameras, especially at the walkways to planes. "That's one of the weakest areas."

Frank and others would also tighten ID requirements for passengers. "I don't care how many million-dollar machines you walk through," says Luckey. "There's no guarantee that's you in the first place."

Fidel Gonzalez, security chairman of the Association of Flight Attendants, believes we should stop building airports that look like malls: "You wouldn't have to worry about all those vendors." He'd also like to standardize airport workers' ID's so that a green badge would mean the same thing in Chicago, say, as it does in Boston.

On occasion, Gonzalez investigates complaints from flight attendants about slow responses to security calls. In two separate incidents at major airports, he says, airport police took nearly an hour to respond to flight attendants reporting unattended carry-on bags. At one, police said they were busy looking for a missing child. At the other, the officers challenged the flight attendant's claim that the bag was unattended. Neither explanation pleased Gonzalez. "Such situations have probably made these flight attendants indifferent," he says. "They're probably thinking, 'Next time, I'm not going to go through this crap.'"

Of course, no system will ever be airtight. "Let's say we could fingerprint everyone who flew," says Bernard Wilson, chief of airport police at Los Angeles International Airport. "What's that going to tell us?The passenger either has a criminal record or doesn't. Period." If security came to that, terrorists would find someone without a criminal record, notes Wilson. And the system couldn't trace individuals arrested outside the country.

That the flying public learned so much about last year's disturbing OIG findings surprised a few people, including Alexis Stefani, assistant inspector general for auditing at the DOT. She says she was expecting the report to be more heavily censored. (In July, the FAA redacted, or blacked out, so much of an OIG report on airport screeners, the so-called "human element," that the office could not release it.)

Indeed, there's a lot about airport security that plane passengers will never know. For example, the FAA publishes violations only when fines exceed $50,000. In the case of security infractions, the FAA waits at least one year after the incidents, for security reasons. So travelers don't learn about specific major security lapses until well after the fact, and they never learn about lesser violations. Even though each major U.S. carrier gets slapped with 100 or more violations every year, those fines remain confidential.

In the past two calendar years, the FAA has made only three such announcements. Last July, the agency reported that it was fining American Airlines $250,500 for 51 security violations at the Dallas/Fort Worth International Airport. In December 1998, the FAA revealed that it was fining American $190,000 and Delta $80,000 for security violations, again at Dallas/Fort Worth. The latter infractions took place in 1996. That's major news (especially to folks flying in and out of Dallas). But some people don't want you to know much beyond that.