In the aftermath of the incident on the Amsterdam to Detroit flight, travel security rules are again in a state of flux. For now, changes appear to mainly affect flights to/from USA. However, additional security delays are affecting passengers on all flights at major international hubs.

Since the new rules are not yet finalised, airline websites have scanty or possibly out of date information. Some of the rules are only being advised once onboard. As a general rule, allow more time at airports for check in and for security and be prepared to deal with changes. For example those in the middle of a trip with 2 carry ons may find they can only take one bag onboard.

As the situation unfolds I can only hope that we now don’t have a war on solids to match the war on liquids.

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

Over on the A Wing and a Prayer blog, Gray has finally posted the long-awaited report on his flight to Erbil (or Arbil) in Iraq. I’d flown this route about 18 months ago and blogged about the unusual descent to land in Iraq and a couple of other aspects of the flight, and so I was interested in his take on it as well as whether there have been significant changes.

However, one comment Gray makes in the post has gotten my attention. He prefers security checks to be at the gate (as they are in Vienna and Berlin for example) rather than centralised (in most USA airport terminals).

Some of the airports I fly through regularly (eg Singapore and Wellington) also have security checks at the gate. I’m no fan of them.

1) If there is a last minute gate switch you often need to go through security again.

2) In most airports there are limited facilities beyond gate security checkpoints. Fine if you can always time it just right for boarding a flight. Not so good if boarding is delayed or if you are directed to go to the gate earlier than necessary by an announcement over the PA or on the departure monitors. I’d much rather spend extra time in the lounge, or shops, and head to the gate at the last minute.

3) When there is a tight connection a security check at the gate may be the difference between making the onward flight and misconnecting. Centralised security generally means no security for transits, at least for domestic travel (plus within the Schengen zone in Europe) within the same airport terminal.

I’ve flown enough to appreciate that centralised security can also have downsides. Notably when you are stuck in an enormous queue and running late for your flight. If you were in a queue at gate security instead you might get picked out of the line so you can make the flight or be sharing a queue with other passengers on the same flight (thus it may be held for you). However, this ignores the queues for security checkpoints at the gate can also be long and be shared amongst multiple flights.

It also ignores that centralised security by definition makes full use of all the security officers, whereas security at the gate may have some gates manned with no queues while other gates have lengthy queues.

In summary, centralised security should be more efficient than security at the gate – less screening of transitting passengers and more consistent usage of available security officers and equipment. Which type do you prefer?

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

It is no wonder airport security has a bad name amongst regular travellers when rules get made up by the screeners/officers.

Today while in a short queue of 3 people I saw and experienced directly myself a screener make up 3 different “rules”, one for each passenger. No this wasn’t in USA.

What made up security rules have you experienced?

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

As another anniversary of 9/11 rolls around, it is time for USA’s TSA to announce yet another “security” initiative. Having failed to foil non-existant plots involving liquids, gels, aerosols and similar substances, a war on powders has now been declared. Watch out any flyers with bad dandruff!

While a TSA blog post has a very simple Q&A, there is no information on the main website other than a press release which is lacking in information. So people flying through or from USA beware – there are new requirements which you need to meet, effective now, but the public doesn’t yet know what they are. Kinda makes it tough to comply with, doesn’t it?

The move seems to be ill-thought out. We’ve already had at least one terminal shut-down due to a “suspicious” powder which was found to be harmless. Expect more, many more.

Some TSA staff have posted to Flyer Talk that suspicious powders will be tested at the security check-point. Somehow the logic fails me. Either a powder is completely safe (virtually all of them – when was the last time you heard of an aircraft explosion or hijacking due to powder?) and thus testing is a watse of time, or it is not. If it isn’t safe then why endanger security staff and potentially hundreds of travellers at the checkpoint by opening up the container and taking a sample for testing on the spot? A bad guy wouldn’t need to bring a bomb onboard, they could cause just as much havoc at a crowded airport terminal.

The way things are going, air travellers in USA may not be allowed to carry anything onboard, and be naked at the screening checkpoint. Sounds far fetched? Consider this – imaging technology already being used at several airports strips away clothing, we can’t carry aboard liquids, we can’t carry aboard aerosols, we can’t carry aboard gels, we have some (as yet unknown) restrictions on powders. All that is left is (some) solids. The list of prohibited solids grows every year.

I despair of the future of travel in USA. TSA is so powerful and has a vested interest in keeping people scared and obtaining an ever growing role and budget. So far, no one in authority has the guts to say enough of the nonsense. What are the odds of an improvement by the next anniversary of 9/11?

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

I wasn’t intending to blog on this topic for a while longer, but a Travel Rants post by Kayt Sukel has encouraged me to write about it sooner.

In brief, the changes to Secure Flight (aka no fly list) are:

• TSA requires date of birth and gender data (in addition to name, payment info, etc) for USA domestic flights as well as international flights to/from USA also.
• Airlines send all the info to TSA before they can issue a boarding pass (even for online check in).
• Passengers who do not match someone on the no fly list are permitted to obtain a boarding pass. Those who do “match” cannot check in.

In theory, the modified system should reduce the numbers of no fly false positives from many millions a year to a smaller (but still potentially very large) number.

In practice, the whole thing is a waste of time & money. In a previous post I explained why a no fly list is a nonsense as a security measure. Those reasons are still valid today – all that is changing is how it is being applied.

The changes do nothing for security. A terrorist who makes up a name or steals one from someone can just as easily take the date of birth too. By tweaking the process instead of making real improvements the no fly list is further entrenched in USA air travel.

It reminds me of when the liquids rules first came out. We were told it was better to be allowed to carry a small amount of liquids than not being allowed any liquids at all. Bah! Once the rule is in place it is near impossible to remove.

It is no secret that I am avoiding travel to/through USA (where it is practical to do so), mostly because of the security hassles and inconveniences. For the last few years I was averaging a trip to USA every month or so, but during 2009 I will have just a single 2 hour transit.

I wish Obama did pick Bruce Schneier for TSA director.

How long before we all have to supply DNA samples just to travel?

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

In the news stories about the Jakarta bombing yesterday at JW Marriott and Ritz-Carlton hotels (source eg BBC) there have been a few references to hotel security.

While I haven’t stayed at either hotel in my several visits to Jakarta, I have stayed at other hotels that are perceived to be (or have been) terrorist targets – both in Jakarta and elsewhere. Generally these are US-based hotels in certain countries (eg Indonesia, Egypt, Pakistan, Israel).

Here is a very brief overview of the security that has been standard at these hotels for the past several years (at least):

• manned sentry gate stops all vehicles approaching the hotel
• inspection of all vehicles – mirrors to check underneath and a quick visual of the boot or inside of any truck/lorry
• driveway that has a longish and curved approach
• barriers preventing vehicles getting right next to the building
• walk-through metal detector at the door
• luggage x-rayed
• hand bags & shopping bags manually inspected
• cameras in the grounds and throughout the hotel (eg lobby, all entrances, corridors)

Obviously security isn’t foolproof. I’m not going to speculate on where the systems these hotels have broke down. Just as frequent flyers may spot weaknesses in airport security, so too may frequent guests of the relevant hotels may also spot weaknesses in their security setup. It may be no surprise that the hotel I’ve stayed at with the highest security was the Hilton in Tel Aviv.

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

I was reminded in my recent travels how different the airport transit experiences can be. At some airports transits are quick and simple. Singapore springs to mind for international to international transits and Melbourne Australia for international to domestic or domestic to international transfers.

The reasons these airports are good for transit passengers include having a single building for the terminal(s), good signposting, short distances to walk (and trains and escalators for the longer distances), quick immigration processes where required and none for international to international connections.

Other airports have much more difficult or slow transits. London Heathrow and Los Angeles are notorious amongst regular travellers for example. Less well known but almost as bad are Perth, Brisbane and Sydney.

London Heathrow is horrible for the long distances required, confusing layout and extensive queueing required at peak hours.

Los Angeles is horrible and slow for most international to international and international to domestic transits. The reasons it is unpleasant and US immigration process (even for international to international connections) and lengthy security queues. For some transfers there is also a change of terminals with a moderate walk. As flights from Canada to USA have US immigration processing in the Canadian airport, transits after these flights are not as bad.

Perth, Brisbane and Sydney are horrible for international to domestic and domestic to international transits because the terminals are separated and require a bus or train to travel between them. The terminal transfers have frequencies as low as every 30 minutes and limited hours – otherwise you need to use an expensive taxi. Depending on airline(s) flown, the terminal transfer may not be free either.

The airport setup is the difference between 20 minutes being a reasonable connection time and needing to allow 3 hours for transit. Some airport and airline websites have information on how to make transfers and how much time should be allowed. Otherwise the experience of fellow travellers (eg the Flyer Talk discussion on transits) is invaluable for travel planning.

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

The other day I had forgotten a password for a website and had to ask for it to be reset. It was simple to do, and it got me thinking. Friends know I’m easily distracted and so instead of the job at hand I decided to take a look at other websites where I have accounts and see how easy it is to get passwords and access.

As this is a travel-related blog, I’ll restrict my comments to airline and frequent flyer websites. From a modest sample of sites I got scary results. I’m no computer or security expert, but it looked like I would be able to gain access using only my name and easily guessed/looked up information at a good proportion of sites. This surprised me. I think it was a couple of years ago there was an expose on identity theft starting only with a British Airways boarding pass. While undoubtedly many security holes have been plugged, I did not expect it to be as easy to get access to not just one but several accounts.

Security of airline websites is particularly important. Not only do they hold information on credit cards and passport details (which proved surprisingly difficult for me to remove – without airline IS help the only option was to put in false information), but there is your address and information on when you are not going to be home. In the case of frequent flyer accounts there is also a (possibly significant) asset available for the taking by a thief.

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

In my previous blog entry I explained how the TSA’s claim of “small” selectee and no fly watchlist is nothing of the sort and impacts millions. Many readers will, however, have noticed that I omitted (deliberately in the interests of space) some key arguments against a watchlist. This entry covers those arguments.

In tv crime shows the detective or lawyer looks for 3 angles to assess guilt – motive, opportunity and means. I’ll use these in a different way, to assess the worth of having the watchlist.

For the sake of argument, lets suppose the watchlist is perfect. There are no false positives (name of an innocent matches someone on the list or an innocent name is on the list). The watchlist, then, is a list of names of those who have the motive for terrorism based on perfect intelligence. But perfect intelligence is an oxymoron. It is relatively easy for a terrorist to avoid being on the list, or to find someone else who is not on the list to do the evil deed. So the watchlist is insufficient to prove motive, or to put it another way does not filter passengers into those with motive and those without. Not a good start against the criteria.

Next consider opportunity. Pretty much everyone who flies, works in or near airports or airlines has an opportunity to do harm. It is a fact of life, and really by definition, that you cannot prevent opportunity for terrorism. This criteria therefore is no help at all, and again the presence or absence of a name on a watchlist proves nothing.

What about means? This is where security really should be, and leave the rest of the window dressing alone. If the means are prevented then there can be no terrorist attack. The names on a watchlist matter not to means either.

Thus, the watchlist does not improve security – it is a false security.

But wait, there’s more. If the 50,000 people on the no fly and selectee watchlists really all are going to crash or hijack planes, shouldn’t they all be arrested? The 50,000 are not arrested because the intelligence is imperfect. They don’t have sufficient proof of terrorist intent and means, and the outcry from so many false arrests would show up the lists as the sham they are. The bigger the list gets and the more times the importance of the watchlist is emphasised by TSA, the harder it is for a reversal, an admission of error. That is really unfortunate, especially for the millions of innocents caught up in the dragnet (refer my previous blog entry).

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.

I don’t blog much about the TSA (USA’s transport security if you’re lucky enough to not know what it is about), mainly because pretty much every policy they implement riles me up. There is plenty of coverage elsewhere on their terrible practices and stuff-ups.

However, an entry on the TSA blog from a couple of weeks ago has gotten me even more riled up than normal so that I have to comment on it. The blog entry is a self-styled myth buster on the recent news that the watchlist has 1 million names.

A summary of the TSA blog entry:

• 2 million daily passengers (this is USA only)
• 400,000 on a consolidated terror watch list
• 50,000 selectee and no-fly lists (subsets of the consolidated terror watch list)
• buster #1 – the list is not 1 million names long
• buster #2 – ACLU’s method to estimate 1 million names is flawed
• buster #3 – Ted Kennedy, Catherine Stevens and Robert Johnson are not on the no-fly lists, they just happen to have the same names as other who are on the no-fly lists. Then there is spiel that spending more money will enable the number of false positives to be reduced, and that those who are falsely identified (false positive) face only minor inconvenience.
• Terror watch lists keep legitimate terror threats off of airplanes every day, all over the world. (This point is a verbatim quote.)

Given the watchlist isn’t public info, I’ll take TSA’s word that the list is “only” 400,000 names long. I’ll also take their word that the names used to trigger extra security or outright prevent from flying are a mere 50,000 names.

Now to some that may not seem a big number, compared with say the population of USA.

However, a unique name is rather rare. Some common names have many thousands who share the exact same name – for example a couple of dozen others shared my name even in the small town I used to live in (and no my surname is not Smith). Suppose there are 100 people with the same name on average – this I think is a low estimate. Some unusual names will only have few people with the same name, while other names may have 100,000 people or more with the same name. That 50,000 list now matches 5,000,000 names. Not so small any more, is it?

Unfortunately that isn’t the end of it. For “bad people” could try to fool the system by slightly tweaking their name – using initials, changing the spelling slightly, etc. So the watchlist system gets close matches as well as exact matches. The number of names matching the list grows again.

Now, for some the ends (prevent terrorist attack) justify the means (extra hassles for those whose name “matches” the selectee and no-fly lists). However, consider this. How many of the 50,000 names realistically will try to blow up or crash a plane? I bet it is a tiny number – let’s say 100 for argument’s sake. Of those, a portion will presumably be savvy enough to realise that if they can take a name that doesn’t match the list (or find a suitably named new recruit) they won’t be subject to extra security. So really the security the name matching provides is non-existant.

But for the notion of apparent security, a significant proportion of the travelling public faces inconvenience. The TSA blog entry downplays the impact by claiming it merely limits ability to check in online. However, the real impact is far worse. Missed flights due to longer times to check in, missed connecting flights, being stranded at the transit point (eg if you couldn’t get through checked for the onward flight), not being able to easily switch flights to another airline in the event of irregular operations, etc. Then there is the time totally wasted by all these people, which somehow never make it into a proper cost-benefit analysis.

To sum up – lots of costs, no benefit, faulty logic being used to justify it all. Unfortunately this sounds rather like some other aspects of security (and not just TSA, other countries are not immune).

Those readers interested in finding out more, I suggest checking out the excellent Schneier on Security.

Musings of the Global Traveller
Thoughts, advice and travel news from around the world by a seasoned frequent flyer.