The rest of the world tends to look askance at the way that we here in the US handle airport security. Many of the measures we take are pure “security theatre,” reacting to the last terrorist scheme (exploding shoes, bombs in underwear) that we happened to catch. Checking electronics seems to be a good idea, although the lithium ion batteries in non terrorist devices seem to be more likely to bring a plane down than a booby trapped phone or laptop. Even this, though, may be giving us a false sense of security as terrorists are working to better hide explosives in electronics.
Here’s a pretty funny take on all of this from Australian comedian Jim Jeffries. Warning: it is very sweary, so don’t watch if that kind of thing offends you.
Now, I’m not saying that we should do away with the TSA or many of the security checks it performs. One look at their Instagram account of things taken away from people at security checkpoints is enough proof of that.
What is needed is a more people focused type of security – looking for patterns in ticket purchases, travel, and behavior before and during travel to spot people with bad intentions rather than the specific weapons they use – they have all the time in the world to come up with new and better ways to evade the technical security measures, but like in information security, the real detection gold is to be found in human behavior.
An interesting idea from Visa (of credit card fame) over in Europe… using card members’ mobile phones as location based tokens to verify credit card transactions and ATM withdrawals. The thinking is that if your mobile phone is in the same location as where a purchase or ATM withdrawal is being made, it is more likely that you too are present and that the transaction is valid.
On the pro side:
Using this as one of multiple factors to validate a transaction seems like a good idea… people tend to keep track of their mobile phones and keep them close and adding a token (something you have in addition to the credit card itself) without requiring the user to do anything provides an extra layer of security without adding inconvenience.
This would be particularly handy for those of us who travel a lot – I usually find my card shut down due to a fraud alert at least once per international trip (even if I provide the card issuer with an itinerary in advance).
On the con side…
Some people may see privacy issues with this… The card issuer already knows where you are based on the transaction data and the phone location information does not really add much to the information being disclosed. However, this assumes that the only time that the issuer avails themselves of the location data from the phone is when a transaction is made. I could conceive of situations where the issuer could use the location data for other reasons – for example, detecting that you are at the mall and offering an incentive to use their card rather than the other cards in your wallet.
This model breaks down if a thief gets hold of my mobile AND my credit card or if I forget to take my phone with me. However, if the phone location is used as one of multiple validation criteria, the system should be able to handle these edge cases.
I think that this could be a good idea IF protections could be put in place to limit the use of phone location data by card issuers to validation of transactions. I could also foresee this as a tool that could be used by enterprises as an additional authentication factor for remote access to systems and networks. If the carriers could provide an API which would allow geolocation of corporate phones and that information could be cross referenced with IP geolocation, we could get alerts or block access when the locations don’t match… this has potential, but the proverbial jury is still out.
A couple of years back, before the H1N1 swine flu was all the rage, all of us disaster obsessed types were focused on H5N1 bird flu, which in addition to being 4Hs worse than swine flu, had a human death rate of 60%. Then swine flu came along (underwhelming us as far as global pandemics are concerned) and we all went back to worrying about people with explosives in their underwear. Well, it seems that the birds and pigs have been plotting behind our backs, coming up with a new hybrid bird-pig flu, which in one case described in New Scientist magazine, developed a mutation which gives it the ability to bind to receptors found in the noses of pigs… and humans (cue ominous music, please). Just a reminder that virii (like the rest of nature as far as I can tell) is out to destroy the human race. And that we need to keep an eye on the flu.
What a difference a few weeks make in aviation safety… we have gone from closing down large swathes of European air space because any volcanic ash is too much volcanic ash to “a little ash never hurt anyone.” What happened? As usual, New Scientist magazine has a very insightful article explaining the shift in thinking.
Apparently, a little mishap in 1982 in which a BA 747 lost all 4 engines due to ash contamination prompted international regulators to decide that if any volcanic ash was observed or predicted to cross airspace, that airspace needed to be closed. (By the way, the BA pilots managed to restart the engines, but, I am sure that a lot of undies had to be changed by that time). However, no testing was ever done to determine if there is a safe ash concentration level, below which planes can fly without losing their engines.
Fast forward to the past few weeks. The eruption of Eyjafjallajökull was the first one which affected such a large and busy area of active air space, and grounding 6.8 million passengers and causing untold hundreds of millions of dollars in losses to the airlines and businesses which depend on air transport provided a wake up call for regulators – maybe we need to do some risk assessment here. (Ya think?) So now, the aircraft engine makers and regulators are working their fingers to the bone to figure out just how much ash is too much ash for safe jetting about.
So, if Eyjafjallajökull acts up again, how safe will it be to fly? (This is a question near and dear to my heart, as I have a trip to London coming up…) The European Air Safety Agency has published recommendations to operators of jet aircraft which allow flight in airspace with a “low contamination” of volcanic ash. However, the document does not define how low the concentration must be to allow safe operation. Carriers are probably looking to Alaska Airlines for some help in making volcanic operation safe. Since their service are covers volcanically active Washington State and Alaska, they have had ample opportunity to learn how to fly safely during eruptions.
So will I get on the plane if Eyjafjallajökull gets heartburn but the airlines are flying? Yes – I think that the level of awareness and safety checks on the part of carriers and regulators reduce the risk to an acceptable level for the occasional traveler, but I will feel better when testing has been performed to put some firmer numbers around this problem. In the meantime, I plan to curl up with the ICAO Manual on Volcanic Ash Clouds, Radioactive Material and Toxic Chemical Clouds and a cup of tea.
Last post for today… my train is almost to NYC and no volcanoes in sight.
From the BBC News website… this map shows today’s ash situation… does not look too good as far as trans Atlantic flights from the States to Northern Europe and vice versa, but I am hearing that some trans Atlantic services are resuming (see @AirlineRoute for updates).
However, it looks like the European travel situation should be getting better tomorrow, as the EU replaces a blanket ban on air travel with a more focused and layered approach. European air space will be divided into sectors described as “no fly zones,” “limited service zones,” and “open airspace,” based on the amount and dispersion of ash from Iceland’s volcano, according to the BBC. I get the first and last categories, but I don’t know that I would want to go on a flight in the “limited service zones” – does this mean they are sorta safe? In a press release issued today, Eurocontrol (the air traffic agency for the EU) had this to say…
“…while the initial reaction by the States was prudent and reduced risk to an absolute minimum, it was now time to move towards a harmonized European approach (set out below) that permitted flights – but only where safety was not compromised… Accordingly a limited “No-fly zone” will be established by the States concerned, based on forecasts from the VAAC. EUROCONTROL will provide the data and the forecast to States every 6 hours. Aircraft Operators will be permitted to operate outside this zone. In their decision as to whether to fly, they will be supported by shared data including advice from the scientific community (meteo, volcanic ash proliferation etc.) – including safety assessments supported by tests under the oversight of the competent Safety Authorities. The conference also concluded that, in time, it should be possible to move towards an approach in which full discretion is given to Aircraft Operators.”
Earlier today, a mislabeled webcam in Iceland led to false news reports of yet another volcano erupting. Turns out that it was the same volcano continuing to erupt. D’oh!
Looking for some stories and advice from the people affected by this whole mess? Searching for #ashtag on Twitter yields a fascinating real time look at what’s going on – and makes you glad not to be traveling…”
Oh, and by the way, here is how (and how not to) pronounce the name of the Icelandic volcano…
One of my responsibilities at work is to make sure that our employees are safe while traveling. Until today, this week’s Icelandic volcanic eruption was a no brainer… flights in the affected area were cancelled for safety reasons. Now, the airlines and the EU have been performing test flights to see if it is possible to restart flights in Northern Europe in spite of the continuing eruption. KLM flew a plane (with no passengers on board) from Duesseldorf to Amsterdam on Saturday without incident, although at lower altitude than normal. Similar flights by BA, LH and AF also landed without incident. Given the magnitude of the economic losses and travel chaos being caused by the cessation of air traffic, I can understand why folks are anxious to get planes back into the air. However, not everyone is a fan of this plan… the Finnish airforce ran their own tests using F-18 fighters and concluded that even short term exposure to the ash cloud caused damage to the planes’ engines. And tests run by NASA showed that even very thin clouds of ash could significantly damage jet engines.
So… what if the EU decides to reopen Northern Europe’s airspace? What travel advice do I provide to my colleagues? Should people currently stuck waiting for flights to or from the region take one of the first flights? Personally, I would not be ready to get on a flight to LHR today if the air space were to reopen whilst Eyjafjallajökull is still being uppity. And I would be hesitant to get on a plane which had flown through the ash for some time after the eruption ceases, since damage to engines may manifest itself over time. For now, the airways are still closed, so this is a hypothetical question. But if the EU and airlines decide that the risks are acceptable, people are going to want to get home or make trips for business. Coming up with a travel policy which balances risk with the need to conduct business is going to be a challenge – especially if this eruption continues for a long period of time or if it is a precursor to a much larger volcanic event. Stay tuned…