To be a solvent nation-state, we need three attributes:
- A defined border,
- A defined people, and
- An ability to interact internationally.
If any country has these three attributes, then it is in the best interest of the country to protect and actively manage all three of them. Else, the country may not continue to exist or simply not be recognized by other solvent countries as an international actor of merit. Both occur in history.
The only way to manage mass population behaviors is through auditable process.
Single points of entry simplify security requirements. They simply don't scale. If we have one security person named Barney Fife, one doorway into a secured area and a single file line, perimeter entry is manageable and our risk is minimized. Even though Barney is dependable, likeable and a good guy, we have a systemic single point of failure. Barney may eventually get tired and become careless or apathetic if he works long hours, receives disrespect from people in queue or isn't paid and cared for well by the employer. We should expect Barney to get sick once or twice a year, have some personal family problems that may distract him from his ordinary attention to detail. And because we only have one point of entry and one person, we anticipate that we'll also never make our flights on-time for standing in queue so long. A single point of entry is more secure than a multi-entry solution. However, it doesn't scale. No matter how many people are in line, Barney can only work as fast as Barney can work. We need a solution that scales with mass population variability.
We like Barney's attention to detail, his work ethic, integrity, respect for others and good disposition. Now we need to scale. How do we get one-hundred or one-thousand people like Barney on our team? To scale this into multiple lines with multiple security personnel, we then need a process that all personnel are trained in, audited against and moulded accordingly. If predictable, repeatable process, then predictable, repeatable results with an expected margin of variability.
Let's explore a fictitious example.
We need to scale this model from one airport to 1,000 airports in the domestic US, each containing one or more queues and multiple personnel. To make the math simple let's assume each airport will have 100 flights per day with 10% of all traffic per airport being international from 10 other international airports. This fictitious math let's us define our problem as follows:
- 1,000 domestic US airports
- 3 security lines per airport
- 3 staff per security line
- 90 domestic US flights per day per airport
- 10 international flights per day per airport
This fictitious math suggests the domestic US enjoys 100,000 flights per day with 10,000 of them being from international airports. The math further suggests we then have 3,000 security lines to manage and 9,000 security staff. Our challenge of predictable, repeatable process, coupled with respect for staff and passengers is now comparatively quite difficult. Barney, though a great employee, isn't enough.
Let's assume, for the purposes of this exercise, that our solution model is primarily built upon the need for human involvement. First, we need predictable, repeatable physically secured people movement solutions that are in place for every airport, every line. One pattern, one implementation and one budget where possible. Modified where building constraints require. Second we require a predictable, repeatable security policy that all people know about, understand and will expect, staff and passengers alike. Thereafter, we need predictable, repeatable technology implementations where possible and then predictable, repeatable physical inspection techniques. Obviously the physical inspection policies and procedures must be transparently auditable within an upper and lower bound of acceptability versus unacceptability and there must be both staff and passenger recourse options in the event of violation or perceived violation. All of this needs to scale to three lines and nine staff per airport for 1,000 airports. And a critical element in this math is to assume there are approximately 50 passengers per airplane suggesting our solution will need to handle approximately 5,000,000 passengers across all airports (50 passengers * 100 flights/day/airport * 1,000 airports). Our fictitious math suggests that we have a scalar problem. We must have a solution that dynamically changes with demand. An elastic process and procedure.
It is reasonable to suggest that our problem is mass people movement. However, this problem has already been solved many times over when considering amusement parks, sport arenas, convention centres, large office buildings, casinos, malls, large city festivals and some tourist destinations. We already know how to move people. While it is a problem requiring constant evolution, moving people isn't our primary problem.
Perhaps our problem is that of luggage inspection. What are the methods and tools employed to perform inspection of luggage and miscellaneous carry-ons? Where possible, we employ technology to aid in the inspection. Where we have no technology, we use people. Where we have exceptions to process, we use people as well. We already have expertise with inspection given mass production manufacturing and domestic/international parcel shipping. We know how to identify, track, inspect and report. The art of luggage or parcel inspection is not our primary problem.
What about people inspection? Again, what are the methods and tools employed to perform inspection of people? We employ technology to inspect people where available, possible or chosen. Where there is no technology, we again rely upon people to inspect people. And exceptions to the process are of course then fully organic as well. A pretty boring conversation, right? Years of military and police work have taught us methods of people observation and inspection. We know how to perform this task. The issue appears to be whether it is necessary, to what extent and whether it is being done respectfully and appropriately and under the right circumstances. If and when we leave context-driven or conditional decisioning up to 9,000 security staff distributed across 1,000 airports inspecting 5,000,000 people, we inevitably get variability. In this case, variability is a petri dish of conflict and confrontation. People inspecting people is a problem and auditing the inspectors against standard implies potential liability for dereliction of duty.
What about audit against process and procedure? With any process expected to yield predictable, repeatable quality, auditability of action and result is a requirement. Quality assurance is designed to prevent problems. Quality control is designed to detect them. On any level and in any context, preventive behaviour is cheaper than detective behaviour which requires rework, modification or additional attention too far downstream. Prevent it from happening versus trying to fix it after broken. This is what we're attempting to do with the implementation of security, however people, that which is being managed, are getting lost in the cracks. How to perform luggage inspections, perform people inspections, exceptions to expected action and result. How to handle verbal conflict, physical conflict and so on. Where there is process and procedure there must also exist audit against standard to manage variability. Years and years of corporate history tells us how difficult it is to define expected human behaviour, measure it, evolve it and particularly how to tie business results to individual and team performance. It isn't binary. It is often subjective, complicated and the auditors are rarely loved. When technological solutions are in place, audit is simple. When people inspecting people methods are put in place, audit is a complicated. Inspection of mass organic behaviour is a problem. Inspection of the inspectors inspecting the people is also a problem.
As with any large system, the more people involved, the higher probability of incongruent action and result. Unquestionably, the weakest link in this security process is people. Particularly, leveraging people to inspect people. The second weakest link in this process is leveraging people to inspect luggage. Exception cases, perhaps. As a primary solution? No. And the third weakest link is the absence of clearly defined auditability and recourse methods within the system. In the name of security, there is no recourse for poorly executed procedures and results, and auditabilty itself and the associative results communicates organizational liability. Governments do not have histories of suggesting "We did it wrong" or "We are doing it wrong". Ladies and Gentlemen, we're doing it wrong. As a result, personal freedoms are perceived to be and/or actually violated and the result is conflict between the checkers and those being checked. The scale of the problem cannot be solved organically. The organic solution to this problem is itself a problem.
Now, how do we solve this?