Tuesday, March 11, 2008

Random Musing On Access Security – Disney versus TSA

Notice: Random Musing is meant to amuse, pique curiosity, and add a bit of controversy by looking at issue from a completely different perspective. If you emote after reading the Random Musing, then it is working.
====================================================================

Why does Disney World in Orlando have biometric finger scanners and park pass readers at their entry gates? According to the local news report, Disney’s purpose of the biometric finger scanner was to keep track of legitimate use of tickets and not to gather personal data.

How Disney Security System Works
The system that Disney – and also Universal Orlando and SeaWorld Orlando – have in place is quite sophisticated. Each park pass has a magnetic strip like a credit card. When you buy a park pass, the purchase data, including the purchase price, point of purchase, date of purchase, and method of payment gets encoded onto the park pass magnetic strip. If you purchased the pass with a credit card, then your name is also embedded in the park pass.

Every time a person puts their park pass into the pass reader and have one of their fingers scanned, this information is relayed to a central computer system that verifies the validity of the pass and confirms the fingerprint to the biometric data associated with the pass. This ensures that the park pass cannot be given to another person. Green means fingerprint data has been associated with the pass and you can go in; Red light means, try again or access denied.

From a risk perspective, I could understand the need for Disney and co. to mitigate the potential risk of revenue loss. After all, without proper security, a person may try to use someone else’s park pass to enter Disney World, resulting in a potential loss of approximately $100 in park admission revenue per incident.

Why Can’t We Have Something Similar At Airports?Then a thought came to me: If Disney and other amusement park operators could install, maintain, and operate a sophisticated identity checking system at their entry points, then why can’t the TSA employ something similar?

After all, the TSA is in charge of security at airports. The risk of loss and severity of loss are much greater at airports than at an amusement park. One could reasonably expect that if Disney could install such sophisticated biometric finger readers and park pass verification system at all their entry gates to mitigate a potential $100 loss, then TSA should be able to install something comparable at airports, at least at the major ones.

Sadly, we don’t. Instead, we have, even at major airports, a system where TSA security agents looks at your government issued ID and boarding pass prior to your having to go through a metal detector and putting your bag through an x-ray machine. And, just as an added layer of security, there are abundant number of TSA agents supposedly looking at you, using their SPOT technique.

How secure is that? Not too secure. We know what happens when a person enters the airport terminal without proper security screening. In November 2001, at the Atlanta airport, Mike Lasseter caused a nationwide flight delay simply by running past security guards and into the terminal.

Even when an idiot inappropriately jokes about a bomb in his bag, the airport shuts down for couple of hours. How about when a TSA agent makes an honest mistake? Apparently, an honest TSA mistake will also shut the airport down for three hours.

I can fully understand and appreciate the need for security at our airports. However, I cannot understand how the entire airport can be shut down and evacuated for several hours every time there is a false alarm from an idiot joking about an explosive in his bag or when a TSA agent makes an honest mistake.

The cost for a multi-hour airport evacuation and flight delays resulting from the evacuation would run into hundreds of thousands of dollars. In the cases of an airport the size of ATL or LAX, cost would run into tens of millions of dollars.

The Big Question
So does TSA have a way to reduce the ‘false’ positives? Nothing so far. Which brings us to the big question:

If Disney World, which has approximately 50 million visitors a year – putting it on par with a busy airport, such as JFK, which had approximately 49 million passengers in 2007 – is able to handle the flow of visitors through the entry gates without minimal delays, even with octogenarian monitoring the security process, then why is TSA still using a legacy security procedure and system - that critics have labeled as inadequate?

Sad Conclusion
I don’t know about you but from a risk manger’s perspective, there is something really wrong here if we cannot have an effective airport pre-boarding security screening while Disney has one for their entry gates.

Perhaps, we should have Disney take over the TSA function. After all, a lot of people think the TSA is a “Mickey Mouse” organization.
Click here to see a news video on how Disney’s biometric systems work. TSA, please have a pen and paper ready before you watch the video, you may learn something.

Wishing You a Million Happy Dreams,
Ed Kim
http://riskyops.blogspot.com/

Sphere: Related Content

No comments: