HMPS

NBC News today.
Atlanta airport said 1250 employee IDs were lost or stolen in the last two years.
Of course these are deactivated....but once you are in the vicinity of a locked area it may be easy to enter because one is wearing a uniform with a badge hanging around the neck !
And I have to remove my belt......

FliesWay2Much

Yes, it's called "piggybacking" and is done all too often in secure areas with badge reader access. Two people are walking close together heading towards a door protected by a card-reader. The first person "cards in" and sees the person right behind them. More often than not, the first person will notice the badge on the person behind them (or the person behind them will show them the badge) and the first person will do the courteous thing and hold the door open for them.

It may be courteous, but, security rules dictate that the first person has to close the door in the face of the person behind them to permit the second person to "card in" on their own merits. When I have been the first person and have slammed the door in the face of someone right behind me, I would say something like, "I'm sorry. I don't know you so you'll have to card in." When they do card in, I'm waiting for them in the foyer to apologize for having to have been be so uncivilized.

I could think of a dozen scenarios in which I could obtain a SIDA badge that had not yet been deactivated and use it to gain access to airside. I won't go into them here, but, it's pretty easy.

Having said this, the scenario for this actually being done by a real terrorist is pretty low. It's a lot easier to simply bribe a TSA clerk. The willingness of TSA clerks to accept bribes has been proven numerous times for non-terrorism related crimes such as drug running.

Section 107

Even if you know the other person you are not supposed to let them in on your card.

Even if you have escort privileges - if the other person has a badge for that area they must badge in/out on their own card.

Piggybacking is strictly prohibited. Most entry points to the SIDA are covered by cameras; the security goons do watch the videotapes and regularly penalize people who piggyback (both people are penalized). Modern surveillance software is very good at recognizing when multiple people go through an entrance but only one PIN was entered. First offense is a 3 day suspension; 2nd = 7 day suspension, 3rd = permanent revocation (and prohibition on future SIDA access at any other TSA regulated airport). Hard to keep your employment in those situations; strong incentive to not mess up.

Of course, even with that regime piggybacking still happens, especially when the other person is well known to the first. But that is the weakness in the system - humans. Aw heck, lets get rid of the system then because we certainly wont get rid of the humans. Oh wait, there's a thought....

This is just another example of "hard-hitting investigative journalism" that is excellent at selling fear and commercials but not putting the story in meaningful or useful perspective.

For example, as soon as a badge is misplaced it must be reported as lost/stolen - so how many of those were not actually lost but were found hours later or the next day because it was on his/her dresser? The report doesnt say. How many that were reported as truly "stolen" were recovered (say, left in a car that was stolen)? How soon after being reported lost/stolen were the badges recovered? How many total badges were issued in that time period (I estimate at least 120,000 based on 60,000 reported employees - badges are issued yearly).

A more useful question is how many attempts to enter the SIDA were made using a badge that was reported lost/stolen? I suspect that number is very close to zero and probably was done by someone who found their "lost" card and wanted to see if it still worked.