Matthew Finn has been working in airport security for about 15 years, having taken up a post helping governments understand how they can strengthen border control and enhance security shortly after the tragic events of 9/11.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataSince setting up his own firm – Augmentiq – Finn has taken a central role in the battle to ensure that those who work at airports are the right people. “I've been talking for the last few years about the need to take a holistic view of all of the people involved in security,” he says. “Who are they? How are they led? Where are the checks? Where's the governance?
“And how do we make sure we have the best possible people working in aviation security, creating an environment that attracts talent and the right and best people?”
Alleged smuggling at LAX
The concern stems from a number of incidents that have thrust the issue into the spotlight. In April, two former baggage handlers at LAX Airport were arrested for allegedly using their credentials to smuggle cocaine past security and on to flights. Just over a month later it emerged that, in the aftermath of the EgyptAir crash, French air transport police had begun checks on the staff at Roissy/Charles de Gaulle Airport who had come into contact with the Airbus A320 before it took off.
Quoted in the Guardian, ASCT International director general Sébastien Caron said: “A baggage handler could very well, once the bag has been checked, add a booby-trapped case to the hold.”
Officials also revoked the security badges of 70 workers at Roissy/Charles de Gaulle and Orly airports following the November 2015 terrorist attack in Paris. Following the attacks in Brussels, The Express newspaper published a letter written by Zaventem airport police officers that stated: “Even today, there are at least 50 ISIS sympathisers working in the airport. They have a security pass and can access airplane cockpits…The suspects are mainly shop assistants, cleaners and baggage handlers.”
These tragedies have focused minds, but it’s not an entirely new problem. According to Wired, almost eight years ago journalist Alberto Stegeman worked with a colleague who was employed as a baggage handler to get a fake bomb and drugs aboard an aircraft.
And in the US, an administrator for the Transport Security Administration (TSA) confirmed in April that just three US airports had a robust process that demanded employees undergo a security check before entering sensitive areas. This came 12 months after a Department of Homeland Security Inspector General report revealed the TSA had failed to identify 73 employees who potentially had links to terrorism.
Vetting is paramount
Of course, in theory the way in which to vet potential employees is through background checks. “You have to have the mechanisms in place to perform a fairly deep background check to make sure that you are indeed who you say you are,” says Finn.
But are the resources available? “They are, but there's a caveat to that, that being it depends on the maturity of the government within which you are operating.” So, continues Finn, if you were to perform that level of check in the UK or EU, then “yes, absolutely the government would have that capability to perform the vetting of an individual to a high degree”.
Since the 1990s, workers at UK airports have been checked every time they require access to secure areas. The European Union adopted this policy in 2004.
Staying in the UK, the Civil Aviation Authority (CAA) is responsible for the arrangements of the National Security Vetting programme, which requires a criminal record check for those who wish to work unescorted in a security-restricted area. The CAA states that “applicants will also require an equivalent overseas certificate for all countries in which they have lived continuously for six months or in the previous five years”.
A new criminal record certificate must also be obtained for current employees when renewing airport ID cards, so there’s a degree of continuity in this process, while a counter terrorist check includes checks against UK criminal and security records.
Finn warns, however: “If you go to other parts of the world, you're not going to find that same capability. This is part of the complexity of the aviation security environment.” The International Civil Aviation Organisation (ICAO) does have security standards, to be followed by its member states, but these are just used as a “baseline”.
Fake identities and personal relationships
Adding to the complexity are fake identities. “If you were to obtain a fake birth certificate and then a genuine travel document on the back of that, you could be working in an airport environment as an entirely fake individual, but with genuine documents,” Finn says.
This raises yet another soul-searching question: “How can we do a proper background check on you or a risk assessment, if you don't actually exist? Those are some of the deeper issues of identity that speak to the same problem.”
The answer, aside from improving the detection of criminals who thrive in this black market trade, is to trust that the background checks will do their job and to put pressure on those who are failing to enact sufficient vetting of staff.
Finn argues there’s also reason to be concerned about who checks staff when they enter restricted areas.
He says: “In practice you wouldn't have any personal items on you in that restricted zone, but in order to measure that, there would another person, when you go into that zone, who would perform a security check on you. Hopefully that isn't someone who you've been sitting next to for the last five years but rather someone from a different team.”
What can happen, though, is that “the people checking the checkers have personal relationships,” which can, he says, undermine the integrity of the screening process. “Why would they need to give you a proper pat down if for the last three years you've never had anything on you?” Finn asks.
Speaking to the Guardian in November 2015, aviation security expert Philip Baum followed a similar line, saying that the current set up was too predictable. “There would be much better security if you had no idea what type of screening process you were going to go through,” he said. “From a terrorist’s point of view that’s a nightmare, and why don’t we do the same with airport employees?”
Calls for a new era of airport security
Finn, who was quoted in the same Guardian article and chaired the 2015 International World Aviation Security Conference in Dublin, has called for an international response focusing on how those in the aviation environment are vetted.
"Is the document genuine? Can you prove it? Has that person been living at that address for the last five years? Do you have ten years' worth of address history and employment history?” Finn asks. A joined-up approach would also promote mobility, giving greater peace of mind that “people working in sensitive environments have been well vetted”.
However, just as important as new international guidelines is leadership. Finn speaks passionately about his desire for change, but is critical about the rather fragmented approach that exists today.
"The thing that I think is most vital at this stage is collective leadership,” says Finn. “What I mean by that is for the leaders of all of the different organisations – the policy makers, the police, document checkers, baggage handlers, passenger screening – to come together.”
A calm assessment of the situation is required, he continues, but an “under-motivated, under-educated, under-valued and under-paid” workforce exacerbates the situation. Finn is adamant that if people working in security are repeatedly undervalued, it will take the industry in “absolutely the wrong direction”. Rather, “people should be leaving education and wanting to work in this environment”.
Whatever measures are adopted, it is impossible to completely eradicate the insider threat, just as it is with any other security risk. That’s not to say, however, that the risk is being dealt with as vigorously as it should be.
"It is a loophole, but let's see this in context,” says Finn. “Good security is about managing risk. There is no such thing as zero risk or 100% security. It is designed to be difficult, but just because it is difficult doesn't mean it is impossible.
"What we have with the baggage handling and the staff aspect is a vulnerability. Now, there are things in place to lower that vulnerability and risk, but more can be done to lower it further."