Mandatory and voluntary reporting
4.1
This chapter examines matters arising from the 2014 Seven Network
reports on aviation security, including:
-
the substance of these reports, including implications for the
integrity of Australia's air security framework;
-
the material obtained by Mr Bryan Seymour of the Seven Network
through FOI requests made to the department;
-
the reaction of aviation industry stakeholders to these reports;
and
-
any changes in the rates of voluntary reporting of security
incidents to the department since these reports first aired.
Seven Network reports into Australian aviation and airport security
4.2
In July and November 2014, the Seven Network ran four reports by senior
network journalist Mr Bryan Seymour, on security breaches at Australian
airports. These reports were based on documents obtained from the department
through an FOI process begun in May 2014.[1]
4.3
The documents released by the department outlined 282 security breaches
that were recorded between January 2012 and April 2014, at the Perth,
Adelaide, Melbourne, Sydney, Brisbane and Gold Coast airports. The majority of
the incidents recorded in these documents were of two types:
-
occasions when unauthorised individuals breached the 'sterile
area' of an airport;[2]
and
-
occasions when prohibited items or weapons missed during routine
passenger screening were subsequently detected or surrendered in sterile areas
or on board aircraft. Examples of prohibited items detected in sterile areas
over this period included knives and tools, such as screwdrivers, pliers,
scissors and box cutters. Examples of weapons detected included pepper spray,
tasers and bullets.[3]
4.4
The committee is aware that Mr Seymour has continued to investigate
security breaches at Australian airports, most recently reporting on the
regular discovery of 'credit card' knives being undetected by screening
programs.[4]
4.5
Through additional FOI requests, Mr Seymour and the Seven Network
obtained documents detailing 100 weapons confiscated from Australian airports.
The committee notes with concern that these 100 confiscations occurred over a
short period of time, between 18 March and 8 May 2016, and
included fifteen handguns and a rifle.[5]
4.6
Additionally, the FOI documents revealed that 75 'credit card' knives
were seized over this period. These are small, foldable knives that are
designed to look like a credit card and fit inside a standard wallet. Although
they are banned in Australia (with the exception of Western Australia[6]),
they are easily obtained through internet sellers for very low costs. The Seven
Network reported that 39 were found at Melbourne airport; 14 in Sydney; 11 in
Adelaide; 11 in Brisbane and 3 in Canberra.[7]
4.7
It has since been reported elsewhere that the majority of prohibited
items seized at the Canberra Airport from 2013‑14 onwards have been
credit card knives, followed by scissors and pocket knives. Only rarely were
more serious weapons discovered, such as capsicum spray and knuckle dusters.[8]
Industry reactions to media reports
4.8
Much of the evidence from industry stakeholders highlighted the need to
resist reacting prematurely to media reports or commentary, and to exercise
caution in developing policy and legislation for aviation security. A number of
submitters also expressed concerns with the content of the media reports.
4.9
The AAA highlighted the importance of well-considered security policy
development and implementation in the aviation sector:
The AAA believes that any changes to the regulation of
aviation security, which may result in additional resources or procedures, must
be driven by Government led intelligence and applied utilising a practical,
efficient, risk-based approach. The AAA certainly does not recommend
considering any changes to the aviation security regulatory framework on the
basis of isolated media reports that failed to take into account the layered
approach taken to aviation security in Australia, which has been highly
successful in preventing unlawful interference.[9]
4.10
This position was supported by ASIAL, which stated that:
The recent security incidents raised should not cause
knee-jerk reactions but a thoughtful approach in gaining advantage in improved
equipment operation, staff training, national standards, recognition or
commercial reality and public education.[10]
4.11
Mr Robin Darroch told the committee that any modification of current
aviation security regulations should be based on evidence, rather than on the
ability of media bodies to create a story out of it. Mr Darroch argued that:
...a considerable number of recent amendments to security
regulations have been unnecessary and ill advised, resulting in greater
inconvenience to the travelling public, in greater inconvenience to those
employed in the air transport industry and/or in banning practices that pose no
real threat to aviation security, without marked or significant improvements in
the resultant security environment. Although various submissions and the terms
of reference of this inquiry refer to hundreds of procedural breaches, there
has been no evidence presented...that any of those breaches have resulted in
genuine threats to the safety of Australian aviation operations.[11]
4.12
AIPA held a similar view, noting:
...the media coverage, whilst
legitimately based, was perhaps a little overblown in certain areas. AIPA
believes that any response must be balanced with a realistic approach of what
is achievable and what is reasonable within costs, without excessive social
impacts.[12]
4.13
AIPA also submitted to the committee that the media report detailed
breaches of security that had been detected and recorded by the relevant
agencies. AIPA was instead more concerned with the risk presented by those
instances where security breaches were not detected.[13]
4.14
Moreover, AIPA also noted that some perceived vulnerabilities in our
domestic aviation security were actually common systemic problems globally:
...we deal publicly with inappropriately targeted security
measures that are largely uncorrelated with the risk but are in plain sight;
and we deal privately with unmitigated security risks and ineffective processes
that the public rarely sees. We also believe that any public examination of
aviation security measures such as this present inquiry needs to clearly
distinguish which of the publicised shortcomings are specific to the Australian
situation rather than symptomatic of the economics of aviation security
measures worldwide.[14]
4.15
Melbourne Airport urged the committee not to base its inquiries on
media reports, considering this a 'superficial basis on which to conduct an
inquiry'. It argued that, in this instance, 'the media report in question was
poorly informed and highly sensationalist in its approach'.[15]
4.16
Some evidence to the committee made the point that a large part of the
current aviation security framework is not immediately visible to the media or
travelling public. For example, AIPA highlighted the difficulties associated
with discussing aviation security in a public forum in any nuanced and
meaningful way. Most seriously, it put forward the view that engendering fear
about aviation security in the public domain could arguably be more dangerous
than inculcating a sense of complacency.[16]
4.17
The department advised the committee to consider the number of breaches
against the total number of passengers that were screened over the period:
There were 282 breaches over a 27-month period. In the
context of what is going on at airports, that is 56 million passengers
travelling on Australian domestic flights in that period and over 29 million on
international flights. So, even if we have not accounted for growth, we can
estimate that in that period about 192 million passengers flew to, from and
within Australia during the period of that FOI request. That equates to
approximately one incident for every 685,999 passengers.[17]
4.18
Considering this broad perspective, the department argued that the
number of breaches was not excessive, given that there would always been some
lapses in a security framework that relied so heavily on human judgement:
In our view, given that we are talking about systems that
have an element of human judgement and skill involved, while we agree it is not
perfect, no system can be infallible. Security and safety systems always have
an element of failure because of human involvement and judgement.[18]
Layered approach to aviation
security
4.19
When asked to comment on the media report, witnesses from across the
aviation sector repeatedly emphasised to the committee the international
'layered approach' to aviation and airport security that characterises Australia's
current security regulations.
4.20
The layered approach includes intelligence information sharing and
policing, physical security measures (such as screening, perimeter fencing and
CCTV monitoring), and identification card programs. The AAA argued that
multiple layers of airport security have prevented any significant aviation
security incidents at Australian airports.[19]
4.21
The department informed the committee about the ICAO framework that
underpins aviation security regulations in Australia.[20]
It submitted that the layered approach taken by the ICAO had international
credence among its member states and that:
While no system is infallible, a layered approach means that
should one security layer be ineffective, there is a strong likelihood that
another layer may be effective. This approach is based on the principle of
'security in depth', that is, the more layers of security, the less chance an
attack will occur or be successful.[21]
4.22
In addition, the AFP noted it worked in close partnership with state and
federal agencies, as well as airport operators to provide a layered approach to
security and law enforcement. According to the AFP, this approach delivers a
robust aviation security system for Australia.[22]
4.23
Mr Simon Bourke, AAA, also highlighted the strengths of a layered
approach to aviation security:
...no one particular layer is infallible, and that is
completely acknowledged and accepted by the industry. The regulations and the
security network at airports are designed to mitigate the errors that can occur
at particular points with subsequent layers of security.[23]
4.24
The department also directly addressed claims made by the Seven Network
reports that suggested passenger safety could be severely compromised by
security breaches. The department argued in favour of the layered approach:
Often the perception is that the very obvious layers such as
passenger screening are critical and that minor breaches indicate significant
flaws in the aviation security system. However...these layers are part of a
complex and integrated system of security underpinned by robust, well-informed
risk analysis.[24]
Impact of media reports and FOI requests on voluntary reporting rates
4.25
The committee was particularly interested in determining whether the
2014 FOI process undertaken by the Seven Network had any negative effect
on the reporting of security incidents by aviation industry stakeholders, as
claimed by Mr Seymour.[25]
4.26
To determine whether there has been a decline in the number of security
incidents reported under mandatory and voluntary reporting schemes, the
committee sought further information from industry stakeholders, about both the
nature of the schemes and participation rates.
Mandatory reporting scheme
4.27
Ms Sachi Wimmer, OTS, clarified for the committee that mandatory
reporting did exist under the Act with certain aviation industry stakeholders
formally required to report aviation security incidents to the department,
namely:
...airport and aircraft operators; persons with incident
reporting responsibilities, which include aviation security inspectors—they are
our employees; airport security guards; screening officers; and certain other
industry participants, including air cargo regulated agents, and also employees
of aviation industry participants that we regulate.[26]
4.28
Under this requirement, all incidences of 'unlawful interference' must
be reported, which the Act defines as any of the following done without lawful
authority:
- taking
control of an aircraft by force, or threat of force, or any other form of
intimidation or by any trick or false pretence;
- destroying an aircraft that is in
service;
- causing
damage to an aircraft that is in service that puts the safety of the aircraft,
or any person on board or outside the aircraft, at risk;
- doing
anything on board an aircraft that is in service that puts the safety of the
aircraft, or any person on board or outside the aircraft, at risk;
- placing,
or causing to be placed, on board an aircraft that is in service anything that
puts the safety of the aircraft, or any person on board or outside the
aircraft, at risk;
- putting
the safety of aircraft at risk by interfering with, damaging or destroying air
navigation facilities;
- putting
the safety of an aircraft at risk by communicating false or misleading
information;
- committing
an act at an airport, or causing any interference or damage, that puts the safe
operation of the airport, or the safety of any person at the airport, at risk.
(2) However,
unlawful interference with aviation does not include lawful advocacy,
protest, dissent or industrial action that does not result in, or contribute
to, an action of a kind mentioned in paragraphs (1)(a) to (h).[27]
Voluntary reporting scheme
4.29
The voluntary reporting scheme was created with the intention of
allowing the reporting of incidents beyond those mandated under the Act.[28]
The department noted:
Voluntary reports to the department can be made by people who
are required to report incidents under the Act, if they are reporting a type of
incident that is not covered by the Act, or people who are not required to
report incidents under the Act. So, it actually just expands the mandatory
reporting and makes it even broader.[29]
4.30
The department told the committee that the voluntary reporting scheme
was 'originally established as a means of encouraging the reporting of
security-related events' that were not required to be reported under the Act.
This system was intended to augment legislative provisions to 'strengthen the
link between security events and occurrences with intelligence analysis,
targeted compliance activity, policy development and provision of information
to industry'.[30]
4.31
Mr Gary Bowden, AAA, told the committee that the voluntary scheme is a
joint effort between the aviation industry and the department to ensure a robust
and strong security management system. He commented that it was premised on the
view that:
...if [stakeholders] reported those incidents we could better
analyse the data and the trends and investigate them properly. That would
better inform our future focus on human factors or technology development.[31]
4.32
The department outlined the types of incidents that have been reported
under the voluntary reporting scheme (in addition to those incidents captured
under the mandatory reporting scheme set out in the Act), including:
-
weapons or prohibited items in a sterile area or on board an
aircraft;
-
unauthorised access to a secure area;
-
perimeter damage;
-
suspicious activity (including outside perimeter areas); and
-
failure of a person or persons to comply with identification
requirements.[32]
4.33
It appears to the committee that many of the incidents outlined in the
documents obtained by the Seven Network – such as those involving the detection
of a prohibited item, for example scissors or box cutters, in a sterile area –
would have been reported to the department under the voluntary scheme, rather
than the mandatory scheme.
4.34
It was noted in submissions to the committee that there may be benefits of
not legislating the reporting of all security incidents at airports. Mr Robin
Darroch argued that some regulated security measures distract from more
important tasks, stating '[t]he longer the list is, and the more work people
are doing to spot things on that list, the less anyone is likely to notice that
one critical case of something that just isn't right'.[33]
Impact of media reports on
voluntary reporting rates
4.35
Mr Seymour told the committee that his reports caused some stakeholders
to withhold some reporting of security incidents to the department, due to
concerns over potential FOI requests in the future. Mr Seymour also stated that:
the review of a FOI decision in favour of the Seven Network
revealed that many airports now do not voluntarily report security incidents as
a result of our FOI request, meaning the public is now less informed than
before on what is really going on at our airports.[34]
4.36
This claim was substantiated by an internal review decision of the
department. In this, Mr Andrew Wilson, Deputy Secretary of the
department, stated:
...I note that some of the [Aviation
Industry Participants] have already ceased voluntary reporting to the Department
on aviation security incidents due to this FOI request, and therefore similar
information may not be obtained in the future.[35]
4.37
The department did concede that some industry stakeholders were
concerned about the implications of the Seven Network FOI decision review:
On voluntary reporting, when the FOI report came in we
certainly had concerns from the industry sector we regulate that they did not
want that to be exposed. And there were, for want of a better word, threats
that they would stop reporting under the voluntary scheme. That does not mean
that they can stop under the mandatory scheme, though.[36]
4.38
The department provided more detail of the types of concern put forward
by these stakeholders, noting that:
...they were not happy with
the fact that we had to release the information. We had deeds of
confidentiality, which had been put in place before I was involved in the
division, and unfortunately I think some promises had been made about their
capacity to limit FOI disclosure, so there was some unhappiness.[37]
4.39
In support of the voluntary reporting scheme, the department provided
the committee with information on its deeds of confidentiality with seven
airports and one airline.[38]
According to these deeds, data captured by the voluntary reporting scheme was
defined as 'confidential information', which placed a number of restrictions
and requirements on its usage, storage and disclosure.[39]
4.40
The department advised that these deeds of confidentiality provided a
framework for cooperation with industry in order to assess the effectiveness of
the current aviation security regime. The deeds also assisted with the
identification of security vulnerabilities and support continuous improvement
of the system by producing benchmarking information.[40]
4.41
However, in February 2016, the department noted that no information had
been provided under deeds of confidentiality since the release of FOI
information to the Seven Network in July 2014.[41]
The department also informed the committee that, even though existing deeds of
confidentiality were still valid, it was reviewing the terms of the deeds and
scoping out other potential mechanisms 'to ensure the relevant information is
provided by industry, and that such information is appropriately protected'.[42]
4.42
Also in February 2016, the department provided correspondence to the
committee, to update information it had provided the previous year. This
correspondence clarified that:
A number of concerns have been expressed about the release of
information provided to the Department by industry since February
2015...[including] that the public release of voluntary reporting information has
security, reputation and legal consequences for them as it could be exploited
to circumvent preventive security measures and measures for detecting breaches
of security with clear implications for public confidence in their business. A
number of industry participants have also verbally advised that this has led to
them ceasing to provide voluntary reports to the Department, which they
acknowledge is likely to prejudice the continuous improvement of aviation
security in Australia.[43]
4.43
Some industry stakeholders gave evidence regarding their voluntary
reporting procedures. For example, Melbourne Airport told the committee that it:
has not changed its policy on the voluntary reporting of
aviation security incidents to the Department of Infrastructure and Regional
Development as a result of the FOI request. Melbourne Airport continues to
voluntarily report all aviation security incidents to the Commonwealth.[44]
4.44
Additionally, Mr Stephen Prowse, AAA Board Director, noted during the
hearing:
I can say with absolute certainty that there has been
absolutely no change to our voluntary reporting regime and the approach that we
take to that. I can also make a similar comment for quite a number of regional
airports in New South Wales that I represent through the AAA, as the New South
Wales chair. Those who I have spoken to directly about this – and there are a
number of them – have said that there has been no change to [their reporting],
either.[45]
4.45
However, following the hearing, the AAA conducted a survey of its
members: It informed the committee that:
With regards to voluntary reporting, the AAA also surveyed
its members on the question of whether or not the airport continues to
participate in the voluntary reporting scheme of aviation security issues to
the [Office of Transport Security].
Of the 26 airports that responded within the short timeframe,
23 stated that they continue to participate in the voluntary reporting scheme.
The three airports that indicated that they have ceased
voluntary reporting have cited the primary reason being the successful Freedom
of Information (FOI) request that was lodged with the Department.[46]
4.46
The AAA also set out its opposition to the public release of information
collected by the department under the voluntary reporting framework:
The AAA does not support public accessibility to this sort of
sensitive security information as it provides an opportunity for persons with
ill intent to identify and better understand particular security measures at
airports. Consequently, this may lead to those same people devising ways of
exploiting potential vulnerabilities in those security measures. It is also
worth noting that, given its informal nature, the structure and establishment
of the voluntary reporting system is not well documented with a lack of
specific guidance identified as an issue by industry. These concerns were
provided to the Department in detail prior to the release of the FOI related
information.[47]
4.47
Other witnesses also provided the committee with information about rates
of reporting under the voluntary system. For example, the AFP noted that it was
desirable to maintain a constant flow of useful information between
stakeholders and the Commonwealth. It had reasonable confidence that such a
flow would continue owing to its close liaison with the OTS. However, the AFP had
no comment on whether the voluntary reporting scheme should be legislated.[48]
4.48
Captain MacKerras, AIPA, argued that the FOI information obtained by the
Seven Network suggested Australia's security framework is working as intended,
and did not reflect badly on any aviation industry stakeholders:
What [the release of FOI information] shows is that the
system is detecting the sorts of things it was designed to detect...
The sort of stuff that we are really concerned about, of
course, is done at a much deeper level and out of the public eye. That is the
sort of stuff that really - you would not see in FOI anyway...So I would
actually be looking at seeing why people are choosing not to voluntarily report
something that should not really affect them. It is not detrimental to the
airport.[49]
Committee view and recommendations
4.49
In light of the evidence it has received, the committee is not convinced
there has been a substantial decline in the voluntary reporting of aviation
security incidents to the department, by industry stakeholders. In this, the
committee is aware that the voluntary reporting scheme is intended to augment
the mandatory reporting scheme required by the Act.
4.50
However, the committee is concerned by evidence that suggested some
airports no longer undertake voluntary reporting of incidents as a direct
result of the Seven Network's FOI process. Evidence received from the AAA
suggested that at least three out of 26 airports have ceased voluntarily
reporting security incidents because of concerns over potential FOI requests in
future.
4.51
The committee believes that reduced or reluctant reporting has a direct
and obvious negative effect on the flow of information between aviation
industry participants and the government agencies responsible for regulating
the sector and aviation security.
4.52
The committee is of the view that the information reported under the
voluntary reporting scheme is essential to maintaining a comprehensive aviation
security regulatory framework. Therefore, the committee recommends that the
information currently obtained under the voluntary scheme be made a compulsory
requirement under the Act.
Recommendation 4
4.53
The committee recommends that the Australian Government amend the
Aviation Transport Security Act 2004 to make it compulsory for aviation
industry participants to report information currently captured under the
voluntary reporting scheme.
Navigation: Previous Page | Contents | Next Page