Chapter 4

Mandatory and voluntary reporting

4.1        This chapter examines matters arising from the 2014 Seven Network reports on aviation security, including:

Seven Network reports into Australian aviation and airport security

4.2        In July and November 2014, the Seven Network ran four reports by senior network journalist Mr Bryan Seymour, on security breaches at Australian airports. These reports were based on documents obtained from the department through an FOI process begun in May 2014.[1]

4.3        The documents released by the department outlined 282 security breaches that were recorded between January 2012 and April 2014, at the Perth, Adelaide, Melbourne, Sydney, Brisbane and Gold Coast airports. The majority of the incidents recorded in these documents were of two types:

4.4        The committee is aware that Mr Seymour has continued to investigate security breaches at Australian airports, most recently reporting on the regular discovery of 'credit card' knives being undetected by screening programs.[4]

4.5        Through additional FOI requests, Mr Seymour and the Seven Network obtained documents detailing 100 weapons confiscated from Australian airports. The committee notes with concern that these 100 confiscations occurred over a short period of time, between 18 March and 8 May 2016, and included fifteen handguns and a rifle.[5]

4.6        Additionally, the FOI documents revealed that 75 'credit card' knives were seized over this period. These are small, foldable knives that are designed to look like a credit card and fit inside a standard wallet. Although they are banned in Australia (with the exception of Western Australia[6]), they are easily obtained through internet sellers for very low costs. The Seven Network reported that 39 were found at Melbourne airport; 14 in Sydney; 11 in Adelaide; 11 in Brisbane and 3 in Canberra.[7]

4.7        It has since been reported elsewhere that the majority of prohibited items seized at the Canberra Airport from 2013‑14 onwards have been credit card knives, followed by scissors and pocket knives. Only rarely were more serious weapons discovered, such as capsicum spray and knuckle dusters.[8]

Industry reactions to media reports

4.8        Much of the evidence from industry stakeholders highlighted the need to resist reacting prematurely to media reports or commentary, and to exercise caution in developing policy and legislation for aviation security. A number of submitters also expressed concerns with the content of the media reports.

4.9        The AAA highlighted the importance of well-considered security policy development and implementation in the aviation sector:

The AAA believes that any changes to the regulation of aviation security, which may result in additional resources or procedures, must be driven by Government led intelligence and applied utilising a practical, efficient, risk-based approach. The AAA certainly does not recommend considering any changes to the aviation security regulatory framework on the basis of isolated media reports that failed to take into account the layered approach taken to aviation security in Australia, which has been highly successful in preventing unlawful interference.[9]

4.10      This position was supported by ASIAL, which stated that:

The recent security incidents raised should not cause knee-jerk reactions but a thoughtful approach in gaining advantage in improved equipment operation, staff training, national standards, recognition or commercial reality and public education.[10]

4.11      Mr Robin Darroch told the committee that any modification of current aviation security regulations should be based on evidence, rather than on the ability of media bodies to create a story out of it. Mr Darroch argued that:

...a considerable number of recent amendments to security regulations have been unnecessary and ill advised, resulting in greater inconvenience to the travelling public, in greater inconvenience to those employed in the air transport industry and/or in banning practices that pose no real threat to aviation security, without marked or significant improvements in the resultant security environment. Although various submissions and the terms of reference of this inquiry refer to hundreds of procedural breaches, there has been no evidence presented...that any of those breaches have resulted in genuine threats to the safety of Australian aviation operations.[11]

4.12      AIPA held a similar view, noting:

...the media coverage, whilst legitimately based, was perhaps a little overblown in certain areas. AIPA believes that any response must be balanced with a realistic approach of what is achievable and what is reasonable within costs, without excessive social impacts.[12]

4.13      AIPA also submitted to the committee that the media report detailed breaches of security that had been detected and recorded by the relevant agencies. AIPA was instead more concerned with the risk presented by those instances where security breaches were not detected.[13]

4.14      Moreover, AIPA also noted that some perceived vulnerabilities in our domestic aviation security were actually common systemic problems globally:

...we deal publicly with inappropriately targeted security measures that are largely uncorrelated with the risk but are in plain sight; and we deal privately with unmitigated security risks and ineffective processes that the public rarely sees. We also believe that any public examination of aviation security measures such as this present inquiry needs to clearly distinguish which of the publicised shortcomings are specific to the Australian situation rather than symptomatic of the economics of aviation security measures worldwide.[14]

4.15       Melbourne Airport urged the committee not to base its inquiries on media reports, considering this a 'superficial basis on which to conduct an inquiry'. It argued that, in this instance, 'the media report in question was poorly informed and highly sensationalist in its approach'.[15]

4.16      Some evidence to the committee made the point that a large part of the current aviation security framework is not immediately visible to the media or travelling public. For example, AIPA highlighted the difficulties associated with discussing aviation security in a public forum in any nuanced and meaningful way. Most seriously, it put forward the view that engendering fear about aviation security in the public domain could arguably be more dangerous than inculcating a sense of complacency.[16]

4.17      The department advised the committee to consider the number of breaches against the total number of passengers that were screened over the period:

There were 282 breaches over a 27-month period. In the context of what is going on at airports, that is 56 million passengers travelling on Australian domestic flights in that period and over 29 million on international flights. So, even if we have not accounted for growth, we can estimate that in that period about 192 million passengers flew to, from and within Australia during the period of that FOI request. That equates to approximately one incident for every 685,999 passengers.[17]

4.18      Considering this broad perspective, the department argued that the number of breaches was not excessive, given that there would always been some lapses in a security framework that relied so heavily on human judgement:

In our view, given that we are talking about systems that have an element of human judgement and skill involved, while we agree it is not perfect, no system can be infallible. Security and safety systems always have an element of failure because of human involvement and judgement.[18]

Layered approach to aviation security

4.19      When asked to comment on the media report, witnesses from across the aviation sector repeatedly emphasised to the committee the international 'layered approach' to aviation and airport security that characterises Australia's current security regulations.

4.20      The layered approach includes intelligence information sharing and policing, physical security measures (such as screening, perimeter fencing and CCTV monitoring), and identification card programs. The AAA argued that multiple layers of airport security have prevented any significant aviation security incidents at Australian airports.[19]

4.21      The department informed the committee about the ICAO framework that underpins aviation security regulations in Australia.[20] It submitted that the layered approach taken by the ICAO had international credence among its member states and that:

While no system is infallible, a layered approach means that should one security layer be ineffective, there is a strong likelihood that another layer may be effective. This approach is based on the principle of 'security in depth', that is, the more layers of security, the less chance an attack will occur or be successful.[21]

4.22      In addition, the AFP noted it worked in close partnership with state and federal agencies, as well as airport operators to provide a layered approach to security and law enforcement.  According to the AFP, this approach delivers a robust aviation security system for Australia.[22]

4.23      Mr Simon Bourke, AAA, also highlighted the strengths of a layered approach to aviation security: one particular layer is infallible, and that is completely acknowledged and accepted by the industry. The regulations and the security network at airports are designed to mitigate the errors that can occur at particular points with subsequent layers of security.[23]

4.24      The department also directly addressed claims made by the Seven Network reports that suggested passenger safety could be severely compromised by security breaches. The department argued in favour of the layered approach:

Often the perception is that the very obvious layers such as passenger screening are critical and that minor breaches indicate significant flaws in the aviation security system. However...these layers are part of a complex and integrated system of security underpinned by robust, well-informed risk analysis.[24]

Impact of media reports and FOI requests on voluntary reporting rates

4.25      The committee was particularly interested in determining whether the 2014 FOI process undertaken by the Seven Network had any negative effect on the reporting of security incidents by aviation industry stakeholders, as claimed by Mr Seymour.[25]

4.26      To determine whether there has been a decline in the number of security incidents reported under mandatory and voluntary reporting schemes, the committee sought further information from industry stakeholders, about both the nature of the schemes and participation rates.

Mandatory reporting scheme

4.27      Ms Sachi Wimmer, OTS, clarified for the committee that mandatory reporting did exist under the Act with certain aviation industry stakeholders formally required to report aviation security incidents to the department, namely:

...airport and aircraft operators; persons with incident reporting responsibilities, which include aviation security inspectors—they are our employees; airport security guards; screening officers; and certain other industry participants, including air cargo regulated agents, and also employees of aviation industry participants that we regulate.[26]

4.28      Under this requirement, all incidences of 'unlawful interference' must be reported, which the Act defines as any of the following done without lawful authority:

  1. taking control of an aircraft by force, or threat of force, or any other form of intimidation or by any trick or false pretence;
  2. destroying an aircraft that is in service;
  3. causing damage to an aircraft that is in service that puts the safety of the aircraft, or any person on board or outside the aircraft, at risk;
  4. doing anything on board an aircraft that is in service that puts the safety of the aircraft, or any person on board or outside the aircraft, at risk;
  5. placing, or causing to be placed, on board an aircraft that is in service anything that puts the safety of the aircraft, or any person on board or outside the aircraft, at risk;
  6. putting the safety of aircraft at risk by interfering with, damaging or destroying air navigation facilities;
  7. putting the safety of an aircraft at risk by communicating false or misleading information;
  8. committing an act at an airport, or causing any interference or damage, that puts the safe operation of the airport, or the safety of any person at the airport, at risk.

(2)     However, unlawful interference with aviation does not include lawful advocacy, protest, dissent or industrial action that does not result in, or contribute to, an action of a kind mentioned in paragraphs (1)(a) to (h).[27]

Voluntary reporting scheme

4.29      The voluntary reporting scheme was created with the intention of allowing the reporting of incidents beyond those mandated under the Act.[28] The department noted:

Voluntary reports to the department can be made by people who are required to report incidents under the Act, if they are reporting a type of incident that is not covered by the Act, or people who are not required to report incidents under the Act. So, it actually just expands the mandatory reporting and makes it even broader.[29]

4.30      The department told the committee that the voluntary reporting scheme was 'originally established as a means of encouraging the reporting of security-related events' that were not required to be reported under the Act. This system was intended to augment legislative provisions to 'strengthen the link between security events and occurrences with intelligence analysis, targeted compliance activity, policy development and provision of information to industry'.[30]

4.31      Mr Gary Bowden, AAA, told the committee that the voluntary scheme is a joint effort between the aviation industry and the department to ensure a robust and strong security management system. He commented that it was premised on the view that:

...if [stakeholders] reported those incidents we could better analyse the data and the trends and investigate them properly. That would better inform our future focus on human factors or technology development.[31]

4.32      The department outlined the types of incidents that have been reported under the voluntary reporting scheme (in addition to those incidents captured under the mandatory reporting scheme set out in the Act), including:

4.33      It appears to the committee that many of the incidents outlined in the documents obtained by the Seven Network – such as those involving the detection of a prohibited item, for example scissors or box cutters, in a sterile area – would have been reported to the department under the voluntary scheme, rather than the mandatory scheme.

4.34      It was noted in submissions to the committee that there may be benefits of not legislating the reporting of all security incidents at airports. Mr Robin Darroch argued that some regulated security measures distract from more important tasks, stating '[t]he longer the list is, and the more work people are doing to spot things on that list, the less anyone is likely to notice that one critical case of something that just isn't right'.[33]

Impact of media reports on voluntary reporting rates

4.35      Mr Seymour told the committee that his reports caused some stakeholders to withhold some reporting of security incidents to the department, due to concerns over potential FOI requests in the future. Mr Seymour also stated that:

the review of a FOI decision in favour of the Seven Network revealed that many airports now do not voluntarily report security incidents as a result of our FOI request, meaning the public is now less informed than before on what is really going on at our airports.[34]

4.36      This claim was substantiated by an internal review decision of the department. In this, Mr Andrew Wilson, Deputy Secretary of the department, stated:

...I note that some of the [Aviation Industry Participants] have already ceased voluntary reporting to the Department on aviation security incidents due to this FOI request, and therefore similar information may not be obtained in the future.[35]

4.37      The department did concede that some industry stakeholders were concerned about the implications of the Seven Network FOI decision review:

On voluntary reporting, when the FOI report came in we certainly had concerns from the industry sector we regulate that they did not want that to be exposed. And there were, for want of a better word, threats that they would stop reporting under the voluntary scheme. That does not mean that they can stop under the mandatory scheme, though.[36]

4.38      The department provided more detail of the types of concern put forward by these stakeholders, noting that:

...they were not happy with the fact that we had to release the information. We had deeds of confidentiality, which had been put in place before I was involved in the division, and unfortunately I think some promises had been made about their capacity to limit FOI disclosure, so there was some unhappiness.[37]

4.39      In support of the voluntary reporting scheme, the department provided the committee with information on its deeds of confidentiality with seven airports and one airline.[38] According to these deeds, data captured by the voluntary reporting scheme was defined as 'confidential information', which placed a number of restrictions and requirements on its usage, storage and disclosure.[39]

4.40      The department advised that these deeds of confidentiality provided a framework for cooperation with industry in order to assess the effectiveness of the current aviation security regime. The deeds also assisted with the identification of security vulnerabilities and support continuous improvement of the system by producing benchmarking information.[40]

4.41      However, in February 2016, the department noted that no information had been provided under deeds of confidentiality since the release of FOI information to the Seven Network in July 2014.[41] The department also informed the committee that, even though existing deeds of confidentiality were still valid, it was reviewing the terms of the deeds and scoping out other potential mechanisms 'to ensure the relevant information is provided by industry, and that such information is appropriately protected'.[42]

4.42      Also in February 2016, the department provided correspondence to the committee, to update information it had provided the previous year. This correspondence clarified that:

A number of concerns have been expressed about the release of information provided to the Department by industry since February 2015...[including] that the public release of voluntary reporting information has security, reputation and legal consequences for them as it could be exploited to circumvent preventive security measures and measures for detecting breaches of security with clear implications for public confidence in their business. A number of industry participants have also verbally advised that this has led to them ceasing to provide voluntary reports to the Department, which they acknowledge is likely to prejudice the continuous improvement of aviation security in Australia.[43]

4.43      Some industry stakeholders gave evidence regarding their voluntary reporting procedures. For example, Melbourne Airport told the committee that it:

has not changed its policy on the voluntary reporting of aviation security incidents to the Department of Infrastructure and Regional Development as a result of the FOI request. Melbourne Airport continues to voluntarily report all aviation security incidents to the Commonwealth.[44]

4.44      Additionally, Mr Stephen Prowse, AAA Board Director, noted during the hearing:

I can say with absolute certainty that there has been absolutely no change to our voluntary reporting regime and the approach that we take to that. I can also make a similar comment for quite a number of regional airports in New South Wales that I represent through the AAA, as the New South Wales chair. Those who I have spoken to directly about this – and there are a number of them – have said that there has been no change to [their reporting], either.[45]

4.45      However, following the hearing, the AAA conducted a survey of its members: It informed the committee that:

With regards to voluntary reporting, the AAA also surveyed its members on the question of whether or not the airport continues to participate in the voluntary reporting scheme of aviation security issues to the [Office of Transport Security].

Of the 26 airports that responded within the short timeframe, 23 stated that they continue to participate in the voluntary reporting scheme.

The three airports that indicated that they have ceased voluntary reporting have cited the primary reason being the successful Freedom of Information (FOI) request that was lodged with the Department.[46]

4.46      The AAA also set out its opposition to the public release of information collected by the department under the voluntary reporting framework:

The AAA does not support public accessibility to this sort of sensitive security information as it provides an opportunity for persons with ill intent to identify and better understand particular security measures at airports. Consequently, this may lead to those same people devising ways of exploiting potential vulnerabilities in those security measures. It is also worth noting that, given its informal nature, the structure and establishment of the voluntary reporting system is not well documented with a lack of specific guidance identified as an issue by industry. These concerns were provided to the Department in detail prior to the release of the FOI related information.[47]

4.47      Other witnesses also provided the committee with information about rates of reporting under the voluntary system. For example, the AFP noted that it was desirable to maintain a constant flow of useful information between stakeholders and the Commonwealth. It had reasonable confidence that such a flow would continue owing to its close liaison with the OTS. However, the AFP had no comment on whether the voluntary reporting scheme should be legislated.[48]

4.48      Captain MacKerras, AIPA, argued that the FOI information obtained by the Seven Network suggested Australia's security framework is working as intended, and did not reflect badly on any aviation industry stakeholders:

What [the release of FOI information] shows is that the system is detecting the sorts of things it was designed to detect...

The sort of stuff that we are really concerned about, of course, is done at a much deeper level and out of the public eye. That is the sort of stuff that really - you would not see in FOI anyway...So I would actually be looking at seeing why people are choosing not to voluntarily report something that should not really affect them. It is not detrimental to the airport.[49]

Committee view and recommendations

4.49      In light of the evidence it has received, the committee is not convinced there has been a substantial decline in the voluntary reporting of aviation security incidents to the department, by industry stakeholders. In this, the committee is aware that the voluntary reporting scheme is intended to augment the mandatory reporting scheme required by the Act.

4.50      However, the committee is concerned by evidence that suggested some airports no longer undertake voluntary reporting of incidents as a direct result of the Seven Network's FOI process. Evidence received from the AAA suggested that at least three out of 26 airports have ceased voluntarily reporting security incidents because of concerns over potential FOI requests in future.

4.51      The committee believes that reduced or reluctant reporting has a direct and obvious negative effect on the flow of information between aviation industry participants and the government agencies responsible for regulating the sector and aviation security.

4.52      The committee is of the view that the information reported under the voluntary reporting scheme is essential to maintaining a comprehensive aviation security regulatory framework. Therefore, the committee recommends that the information currently obtained under the voluntary scheme be made a compulsory requirement under the Act.

Recommendation 4

4.53             The committee recommends that the Australian Government amend the Aviation Transport Security Act 2004 to make it compulsory for aviation industry participants to report information currently captured under the voluntary reporting scheme.

Navigation: Previous Page | Contents | Next Page