The Efficiency of Security

Last week I visited a number of military and civilian Federal agencies in DC, MD, and VA. My experience in getting into these agencies was uniformly the same - long, cumbersome, and confusing. Now we all agree that the Federal agencies should control access to their facilities for security after all we are talking about national security. However, the question that begs to be answered is: Is this the most efficient and effective process to enforce security for access to our Federal government agencies? At every entrance, the visitor hand writes in a log her/his name, organization, citizenship status, name of the person to be visited, etc. Any re-transcription of this ineligible content into a digital format would introduce typographical errors, thus defeating the very purpose of the data being collected. Most agencies also require the serial number of the laptop to be logged as well. I wonder how many visitors put down the serial numbers for their laptop battery or wireless card? This to me sounds more of an appearance of security than security itself. 

So how can this process be improved? There are so many effective online meeting solutions that can be used to emulate for physical access to a Federal government building like Cisco webex, GoToMeeeting, Office Live Meeting and so on. The common thread of these systems is that the person who is hosting the meeting (the official at the Federal government agency in our case) will specify the location (a physical instead of a virtual location in our case) , date, time and invite attendees, which result in the generation of a unique event ID. Such a system can be easily extended to obtain the additional information (e.g. citizenship, laptop serial number)  required. In addition, such event management systems would issue a password to be able to attend the meeting. 

Imagine visiting a Federal agency where you can generate the necessary paperwork at a kiosk by supplying the meeting ID and password. In such a world, the security personnel would do where they would add the greatest value: verifying the credentials of the visitor and authorizing access similar to boarding an airplane. Once the system is IT based then additional checks on the visitor's credentials can be performed using web services. If the tracking of a laptop is critical, then such a kiosk can automatically determine the MAC address of the laptop ensuring additional safety. Imagine the millions of hours saved if every Federal agency adopted such a system.