Corporate Security:

Google wants to be your PA

June 11th, 2010

ASHER MOSES IN TOKYO – Google fellow Amit Singhal: search has come a long way in 20 years but it’s not yet making suggestions like a PA would.

One of Google’s top engineers and the world’s foremost expert on search engines says his next challenge is to turn Google into everyone’s personal assistant, capable of making suggestions and guiding users through their day without them having to lift a finger.

Google fellow Amit Singhal, who has studied search for 20 years, said what many would relegate to the realms of Star Trek was only a few years from becoming a reality.

Already, our always-connected phones can tell Google where we are (thanks to the built-in GPS) and our appointment schedule; they can speak to us and take instructions by voice. Google also knows a lot about the world around us and our own preferences based on past searches – all that’s needed now is an “intelligent glue” to tie everything together.

Mobile becomes your robot helper
Soon, Google’s systems would know your appointments and be able to tell you what time to leave, based on traffic and other information.

Furthermore, if Google knows you like Thai restaurants and that you drive past the best one in your city every day on the way to work, Google will soon be intelligent enough to suggest that you go and eat there.

“My son, when I was coming to the US, said: ‘Dad bring me a Japanese baseball.’ I coach little league to my son and my calendar knows today that I have 15 minutes between my last appointment here and my dinner appointment at my hotel,” Singhal said in an interview.

“If you combine my calendar time with my geography, which is the path from here to my hotel, and you combine the information atom ‘baseball shops’ or ‘sports shops’ between here and there, what you have is the beginning of that personal assistant that can proactively tell me three blocks down the road, turn right, pick up a Japanese baseball for your son and then you can go to your dinner.”

Singhal, who was an academic researcher in search before joining Google in 2000, calls this “search without searching”.

Alan Eustace, head of Google’s engineers worldwide, pointed to a recent prediction that mobile phone searches would overtake desktop searches in 2012.

“There will be new things that you do on a phone that never occurred to you; just like navigation right now [and] augmented reality,” he said in an interview.

“I never thought voice search was ever going to work. I supported voice search my entire career as a research director but I never thought that it would reach a point where an untrained user could walk up to a device and input a query and have it correctly find the output.”

Search dreams become reality

Singhal described how the five major dreams he had around search two decades ago had already become reality, thanks in part to high-powered mobile phones with GPS navigation.

1. Searching outside text – Google’s search engine can now search images and video files. Copious amounts of information that was never in digital form is now searchable thanks to initiatives such as Google Street View and book scanning. Google Goggles lets users search for information just by submitting a photo of a landmark and translate text just by taking a photo of it.

2. Search beyond language – Users can now translate any pages and even conduct “cross-language searches”, allowing those who are, for instance, travelling to Japan to search information on Japanese-language websites and have the results and web pages displayed in English. Coming soon is the ability to have a conversation with someone who doesn’t speak your language and have translation performed on the fly.

3. Search that knows me – If you’re a cricket fan and have conducted searches on the game on Google and you search for “lords”, the top result will be the Lords cricket ground in London. The old results would list the Lords multiplayer online game first.

Google search can also tailor results depending on your location, while another newer Google feature throws up a section of results containing pages published by people you have identified as being in your online or offline social circle.

“Imagine if I had told you 20 years back that each and every one of you would have a tailor-made search engine for you? We have come a long way in realising that dream,” he said.

4. Search the present moment – Google’s “real-time search” compiles content that is being generated by the minute on sites such as Twitter and other services.

“There was an earthquake in California, and Google’s real-time search beat the US Geological Survey in telling the world that there was an earthquake in California by a whole eight minutes,” Singhal said.

5. Search that understands me – The “holy grail” of search engine technology is enabling machines to understand language like human beings do. Google has already come a long way in this regard by allowing its search engine to run voice searches and recognise that words mean different things depending on their context.

For instance, the keyword “change” could mean “adapt”, “convert”, “exchange”, “install” or “switch”, depending on the query, and Google’s search engine was already able to intelligently deduce this meaning.

Key pieces missing
But Singhal said there were still several pieces of the puzzle to put in place before his dream of “searching without search” could become a reality.

“Today some of the critical pieces that actually senses my environment to guide me through my day are missing – [my mobile] doesn’t know that I need to buy a baseball,” said Singhal.

“I don’t expect people to record everything they say, that would be fairly invasive. What I expect to happen is I just turn on my phone and say ‘buy baseball’, that’s it … right now I don’t do that because the best I can use that input for is to put a sticky note on my screen – that’s not that big a deal.”

Of course, such a high level of personalisation is bound to send privacy advocates and regulators into a spin. Just ask Mark Zuckerberg, the chief executive officer of Facebook, who has been raked over the coals several times for attempting to personalise advertising and other site features by forcing users to make more personal details available publicly.

Singhal said the key to solving these issues was transparency and control. Already, Google Dashboard allows users to view and manage the information stored about them on Google’s servers, and this would be critical for the new “personal assistant” feature.

“I really, really believe that privacy is critical to a successful product … users should have a right to divulge whatever they want and definitely a right to keep private whatever they want private,” Singhal said.

Asher Moses travelled to Tokyo as a guest of Google.

Identity Fix: How unified access control can save costs and spur innovation

May 10th, 2010

Streamlined identity management can help simplify access to government data and online services. By John Moore.

Imagine how tedious life would be if you needed a separate, specially issued debit card for each grocery store, gas station, restaurant, pharmacy, department store or Web retailer that you patronized — and a separate password for each card, too.

It would be burdensome. It would also be costly to the businesses involved if each one had to issue those identity credentials to every one of its customers. And who would bear the brunt of those costs?

That is pretty much the operative situation, though, for government agencies when it comes to managing employees, consultants and contractors, and then controlling which information technology resources and networks they can tap into, whether they are turning on their computers in the morning, updating their personnel records in a human resources system, booking work-related travel, or signing in to an information-sharing wiki. Those IT access security mechanisms, essential as they are, are hardly ever a single system. Instead, each application or system typically has its own access control system.

As a result, users must remember multiple passwords and log-in methods, while IT departments must handle the grunt work of manually managing duplicative systems.

At the Agriculture Department, for example, it takes 200 employees to manage user accounts and roles and another 73 employees to focus on compliance, auditing and reporting tasks related to access control, according to USDA’s Office of the Chief Information Officer.

It wasn’t so bad years ago when IT played a more limited role and there were far fewer systems to manage. But times have changed. Computers and software applications have proliferated and are now essential cogs in almost every government operation.

The old fragmented, one-off model for identity management and access control just won’t fly anymore. It will be increasingly costly — and risky from a security perspective — to allow things to continue. Fragmented identity management systems are also a drag on agencies’ ability to quickly tap new online opportunities, whether they are homegrown, fielded by another agency or offered by a cloud provider.

“Access control is one of our key defense mechanisms,” said Dennis Heretick, a security consultant and former Justice Department chief information security officer. “We need to share [information] across agencies and industry, but you don’t want to share that if you think it will get to the wrong people.”

Besides bolstering security and helping to clean up an agency’s internal practices, a streamlined approach to identity management also provides a foundation that can dovetail with efforts to simplify access to government data and online services.

Therefore, for budgetary and strategic reasons, government IT leaders are seeking to make the business case to agency leaders for the construction of unified and standardized identity management infrastructures. The CIO Council has taken up the cause and released a preliminary road map and implementation guidance for agencies in November 2009, and it promised that more help will follow.

Some agencies have already started to move. USDA, for one, has launched a project to centralize 70 identity databases. The duplication of identity stores and access control mechanisms drives up the number of employees needed for those jobs, said Owen Unangst, director of innovations and operational architecture at USDA’s Office of the CIO.

Unangst, who is shepherding USDA’s identity management overhaul, said the effort will slash IT administrative costs and give the department’s workers one set of credentials — a smart card and personal identification number — to access multiple applications. But it won’t be a one-and-done deal.

“This is not a short-term project,” Unangst said. “This is something that is going to be a permanent new function, a permanent new responsibility in USDA.”

Security experts say many agencies share USDA’s experience with fragmented identity and access management systems. When the full costs of doing nothing are considered, it seems clear that some form of centralization is not only desirable but even necessary.

Problems of ID Fragmentation

Fragmented identity management causes a number of problems for organizations beyond just cost and time.

Such an approach raises several security issues, said William MacGregor, a computer scientist at the Information Technology Laboratory at the National Institute of Standards and Technology’s Computer Security Division.

Enrolling users — establishing identity, assigning roles and access rights, and issuing credentials — becomes costly when multiplied across scores of applications. For that reason, organizations might wind up with a less-than-robust process for identity proofing and credentialing.

Similarly, organizations might also gravitate toward low-cost, low-assurance authentication approaches — user name/password as opposed to two-factor authentication. The latter approach involves something a person knows, such as a PIN, and something the person possesses, such as a smart card or other security token device.

“Lots of silos of identity management force the practice in an individual silo to be on the low end of the cost and capability spectrum,” MacGregor said.

Fragmentation also leads to password vulnerabilities. Users obliged to maintain multiple passwords might be tempted to keep them short and simple, which makes them more vulnerable to brute-force attacks in which hackers use powerful computer programs to try thousands of different possibilities to crack passwords. On the other hand, users who choose longer, more complex passwords might need to write them down, introducing another security risk.

“Many people, because they have so many passwords, will use simple passwords, and many systems don’t enforce strong passwords,” Heretick said.

Account deletion presents another vulnerability in highly fragmented security settings. When an employee leaves an agency, that move must be reflected across all of the systems to which he or she formerly had access. But when access control systems abound, there’s a greater chance of an account remaining active after the user departs.

And then there are the administrative costs that mount when identity stores and access controls proliferate across an agency. Redundancy requires a larger IT staff to maintain systems. And having a multitude of passwords keeps help desks busy resetting forgotten ones.

Many users also have a desktop and laptop PC assigned to them, which further multiplies costs. Heretick said organizations incur systems administration costs for two seats plus all the applications users access. “It becomes tremendously expensive,” he said.

Disparate identity systems also drain time. Multiple log-ins, for example, steal minutes and affect productivity. Jamie Sanbower, director of security solutions at Force 3, a solutions provider that focuses on security, unified communications and data center technology, suggested that agencies “look at the end-users and determine how their day-to-day productivity is affected by multiple sign-ons.”

Benefits of ID Integration

Security executives point to a number of benefits in transforming identity and access management into a more centralized activity. A consistent approach to security is one key advantage. Organizations that try to enforce IT security directives — password policy, for example — across multiple points are bound to find that some systems fall between the cracks and fail to comply.

For agencies, Sanbower said, the biggest business benefits of tighter integration stem from reducing the risk of uneven policy enforcement and mishandled passwords.

On the cost-savings front, consolidation of identity systems reduces administrative expenses. Features such as single sign-on reduce the number of passwords in circulation and the number of password reset calls to the help desk. Some industry estimates put the cost of a reset at $25 or more per call.

The Homeland Security Department is among the agencies working to reduce passwords with a common credential, a smart card. The cards “will replace multiple PIN and password log-ins for multiple applications with a single log-in,” a DHS spokesman said.

MacGregor added that a consolidated identity store and multipurpose credential can help agencies rein in user enrollment costs. Those components can spread the cost of enrollment across numerous applications. “Enrollment is always a large fraction of the overall credential life cycle cost,” he said. “It’s not unusual to see it as a quarter to 50 percent of the cost of [issuing] credentials over the life cycle.”

Improvements in identity management could also help agencies deal with emerging trends such as cloud computing.

“As the federal government evolves to cloud computing — and services that go across federal entities not just across departments — access to those services really needs to be authenticated with strong credentials,” said George Schu, a senior vice president at Booz Allen Hamilton.

Schu also pointed to information-sharing technologies that fall under the rubric of cross-domain solutions. Those solutions aim to let government organizations exchange information across multiple security domains, either horizontally across federal agencies or vertically from the federal sector to local government entities.

“Access to these systems…[has] to be backed by strong credentials that you only get through a unified, standardized identity management process,” Schu said.

How to Get to an Integrated System 

An integrated identity and access management system involves a number of elements. They typically include a system for issuing a unique credential to every user, a central directory for storing users’ identity data, a solution for provisioning and managing user accounts, and an access component that includes single sign-on capabilities. 

Government agencies have made the most progress on the credentialing end because of Homeland Security Presidential Directive 12. Signed in 2004 by President George W. Bush, HSPD-12 calls for the federal adoption of a common credential for accessing government buildings and information systems. The directive also requires credentials to be issued based on sound criteria for verifying a user’s identity. NIST standard FIPS 201 spells out the requirements for the credential, the personal identity verification (PIV) card.

Governmentwide, nearly 4 million PIV cards have been issued to employees for 86 percent coverage. Seventy-two percent of contractor personnel have received PIV cards. 

USDA has issued 98,800 PIV cards, covering 87 percent of its employees, according to an Office of Management and Budget report on HSPD-12 status released in December 2009. USDA has also purchased products from CA that will let the department centrally manage identity and access management. The product lineup includes an enterprise directory that houses all user identities in one location. With that component in place, USDA can look for opportunities to consolidate its 70 identity stores. 

When it comes time for an agency to start enabling various software applications to capitalize on the user information from a common credential or identification system, the first step is to get an inventory of all applications, said Phillip Loranger, chief information security officer at the Education Department.

With that information in hand, officials can find out from application owners whether they intend to keep their systems around for the next three years or so. There’s no sense in enabling applications that will soon be unplugged, which means agencies will need to rank the priority of individual applications. 

Agencies have three options. They can modify applications to accept FIPS 201 credentials, they can modify them so they can interface with a portal that accepts the credentials, or they can discontinue the applications if they are too expensive to modify.

At USDA, applications will be integrated in the next couple of years. The first batch of five applications will be linked to the agency’s new identity management infrastructure by midsummer. They include agency-specific applications and enterprise-level systems, such as USDA’s AgLearn e-learning system.

USDA picked applications that will be relatively simple to integrate and would be at risk if accounts and roles were managed incorrectly, Unangst said.

This summer, USDA will begin to prioritize additional applications for inclusion, identifying those with the highest risk. By March 2011, Unangst said he expects to have 60 to 100 applications integrated, with more to follow.

MacGregor said setting integration priorities might be among the toughest challenges in achieving integrated identity management. But agencies might be on their own when it comes to bringing applications into the world of centralized management and PIV cards.

Tim Baldridge, a computer scientist at NASA, said agencies that want to enable applications for PIV cards lack formal guidance. “There’s no document or written work that I’ve seen that would give somebody a clear path to that solution space,” he said.

The CIO Council has been working on implementation guidance. The Federal Identity, Credential, and Access Management road map and architecture the group released last year will be updated with a collection of lessons learned from early agency implementations.

A strong, internal focus can smooth the implementation task. Neville Pattinson, chairman of the Smart Card Alliance’s board of directors and an executive at Gemalto, advised agencies to appoint a program manager and, possibly, establish a program management office to oversee an identity management overhaul.

“It is a nontrivial transition, going from disparate systems to a centrally managed system,” he said.

But that shouldn’t come as much of a surprise. After all, it took more than a few years to deploy the dozens of identity management systems that most agencies wrestle with today.

RSA’s Noble appointed Australia-New Zealand enterprise manager

May 4th, 2010

Paul Broekhuyse, Ambition – The Australian.

RSA, the security division of EMC, has elevated Geoff Noble to the lofty heights of Australia-New Zealand enterprise sales manager.

He will lead RSA’s enterprise sales team, developing and applying sales campaigns.

Noble has local expertise in online business and internet security, mainly in the financial and banking sector, RSA Australia-New Zealand manager Mark Pullen says. His experience includes working with European and US banks that use similar systems. Noble was previously a banking and finance specialist at RSA.

Before joining RSA Security in 2000, he spent more than eight years in the security software sector, working for VeriSign affiliate eSign and Citrix Systems.

RSA’s security products cover identity assurance and access control, data loss prevention, encryption and key management, governance and risk management, compliance and security information management, and fraud protection.

He replaces former chief information officer Joseph Stablum, who moved to the Australian Competition and Consumer Commission as chief information officer in January last year.

Cann began his career as a policeman in Western Australia and started working for the Crime Commission in 2005.

TELSTRA International chief Drew Kelton has quit, and is believed to have taken a chief executive role at India’s Bharti.

He had been with Telstra since 2002.

His departure follows the exit of digital media chief Justin Milne in March.

broekhuysep@gmail.com

Access Control Doctor: Go higher, baby

May 4th, 2010

By Adam Stroud

Adam Stroud of Paxton Access answers installers’ questions. This month: access control systems with high-end features…

There are many higher end features of access control systems that are often misunderstood. This month, I have been asked about a couple of these…

What is the difference between logical and timed anti-passback?

Anti-passback is a feature designed to stop a valid user entering into a secure area and then passing their token back to somebody else so they can use it.

On a normal door it doesn’t often make sense to employ this feature as, if the valid user wanted to let somebody else in, they would hold the door open for them.

When using turnstiles, however, it can be useful. Employing anti-passback in the right way helps to ensure the access control event log is correct.

Also, if you are tracking which users are currently on site, it means that the access control system can monitor this accurately. This is vital when using the access control system for recording who is present in the event of a fire.

There are two established methods of anti-passback: logical and timed.

Logical anti-passback - This method works by tracking where the user is in the building and only allowing them to make logical transactions.

A logical transaction in this case means entering an area that adjoins the one you’re in. For example, a user enters a building via the main entrance which leads into the Reception area.

From there, the system will only allow them access to areas that adjoin the Reception area. The system understands that they have gone from the ‘Outside world’ area to the ‘Reception’ area.

Once in Reception, the user will only be permitted access to areas adjoining Reception. If the user passes their token back so that somebody else can get access to Reception then the token will be denied access.

Logical anti-passback relies on doors being grouped into areas and the relationship between these areas being defined.

Timed anti-passback – This method is a simpler approach to the problem and does not require any concept of areas.

Timed anti-passback means that a user will not be allowed through a door twice in a particular time period. A turnstile into a library, for example, may only permit access if the user has not already been through in the last five minutes. This stops users handing their tokens back to other people.
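The two methods described above, as an added Python sketch that is not from the article or from any Paxton product. The ‘Outside world’ and ‘Reception’ areas and the five-minute library turnstile come from the text; the door names, the ‘Office’ area, the token IDs and the class names are assumptions made for the example.

```python
from dataclasses import dataclass

OUTSIDE = "Outside world"  # area name used in the article


@dataclass(frozen=True)
class Door:
    """A one-way reader: presenting a token here moves the user between areas."""
    name: str
    from_area: str
    to_area: str


# Constructed site layout (assumed): Outside world <-> Reception <-> Office
DOORS = [
    Door("main-in", OUTSIDE, "Reception"),
    Door("main-out", "Reception", OUTSIDE),
    Door("office-in", "Reception", "Office"),
    Door("office-out", "Office", "Reception"),
]


class LogicalAntiPassback:
    """Grant only transactions that start in the area where the token is recorded."""

    def __init__(self, doors):
        self.doors = {d.name: d for d in doors}
        self.location = {}  # token -> area the system believes the user is in
        self.events = []    # (token, door, granted, reason): denials are logged too

    def request(self, token, door_name):
        door = self.doors[door_name]
        current = self.location.get(token, OUTSIDE)  # unseen tokens start outside
        if current != door.from_area:
            # Token was passed back, or the user tailgated through an earlier door.
            reason = f"recorded in {current!r}, door leads from {door.from_area!r}"
            self.events.append((token, door_name, False, reason))
            return False
        self.location[token] = door.to_area
        self.events.append((token, door_name, True, f"now in {door.to_area!r}"))
        return True

    def on_site(self):
        """Roll-call view: every token not currently in the outside area."""
        return {t: a for t, a in self.location.items() if a != OUTSIDE}


class TimedAntiPassback:
    """Deny a second pass through the same door within the time window."""

    def __init__(self, window_seconds):
        self.window = window_seconds
        self.last_granted = {}  # (token, door) -> time of last granted pass

    def request(self, token, door_name, now):
        last = self.last_granted.get((token, door_name))
        if last is not None and now - last < self.window:
            return False  # a denial does not restart the window
        self.last_granted[(token, door_name)] = now
        return True


if __name__ == "__main__":
    logical = LogicalAntiPassback(DOORS)
    logical.request("T1", "main-in")    # valid user enters Reception
    logical.request("T1", "main-in")    # token passed back and presented again
    logical.request("T1", "office-in")  # Reception adjoins Office
    logical.request("T1", "main-out")   # user is in Office, not Reception
    for event in logical.events:
        print(event)
    print("on site:", logical.on_site())

    library = TimedAntiPassback(window_seconds=5 * 60)
    for t in (0, 120, 300):             # seconds since the first pass
        print(t, library.request("T2", "library-turnstile", now=t))
```

Logical mode loses track of a user who tailgates through a door without presenting a token, which is why it is normally paired with turnstiles, as the article notes.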

What is image verification and how can it be used?

Image verification is a useful feature that allows the identification of a user to be verified (by a real person) before access is granted.

This is best illustrated by an example. A user presents their token at the main entrance of a high security building.

A security guard at a PC somewhere will be alerted to the fact that somebody has requested entry. The access control software will display the user’s photo, from their record on the system, next to a CCTV image of the user at the main entrance.

The security guard compares the images and must verify that the person at the door is the genuine owner of the token.

Once verified, the security guard presses a button to allow the user access.

Of course, all of this happens in real time so it’s important that the security guard is on their toes!

Credits:

* Adam Stroud is sales and marketing director for Paxton Access, a leading manufacturer of access control systems. Paxton Access is known for its well designed, easy to use products as well as industry leading support. Adam’s role involves co-ordinating sales and marketing activities and product development.

* Contact: 01273 811011, email: sales@paxton.co.uk, web: www.paxton.co.uk, blog: www.paxton.co.uk/blog

Police, security officials meet on cybercrime strategies

March 26th, 2010

When the “ILOVEYOU” worm crippled computer systems worldwide 10 years ago this spring, authorities in the Philippines didn’t even have a law to properly charge its author.

Since that time, many countries have developed computer crime laws in part due to the 2001 Convention on Cybercrime, an international treaty that lays out legal guidelines for high-tech crime legislation.

This week, more than 300 experts met at the Council of Europe’s conference on cybercrime to discuss the treaty and better cooperation in a fast-changing landscape where criminals clearly still have the upper hand.

From advance fee frauds to spam to malicious software, the Internet has become a wild west-style frontier where law enforcement officials have had notable successes in recent years but where most cybercriminals operate with near impunity.

“Criminal actors know that law enforcement investigations take time,” said Kauto Huopio, senior information security adviser at the Finnish Communications Regulatory Authority. “They are looking for areas where they are less likely to get caught and where there are challenges in international cooperation.”

Much of the effort at the Council’s conference is focused on uniting various Internet stakeholders that have only a recent history of tenuous cooperation, such as Internet governance groups, network providers, domain-name registries, law enforcement and commercial enterprises.

Close ties between law enforcement and private companies are sometimes viewed as a sign of corruption, said Bernard Otupol, assistant director for the financial and high-tech crime sub-directorate at Interpol. In some developing countries cybercriminals have co-opted network infrastructures where police don’t have many resources.

“A lot of countries have a lot of problems,” Otupol said.

The London Action Plan is one organization that works to foster ties between industry and government on antispam and spyware enforcement and improve information sharing, said Shaundra Watson, counsel for International Consumer Protection at the U.S. Federal Trade Commission.

But that cooperation is “not a given in many places in the world,” she said.

Law enforcement officials are seeking ways to make it easier to get information from other countries during breaking cybercrime cases. They need quick information from other police agencies as well as contacts at ISPs (Internet service providers), which can help preserve electronic evidence that might quickly disappear, hampering cases.

“It’s safe to say law enforcement successes have been in spite of the landscape rather than because of it,” said Paul Hoare, senior manager and head of e-crime operations for the U.K.’s Serious Organised Crime Agency (SOCA).

SOCA and the U.S. Federal Bureau of Investigation have proposed stronger verification checks for people registering domain names and a revamp of privacy services that make it hard for investigators to find out who is running a domain.

“We actually can’t expect a lot to change on the Internet to catch criminals if we as law enforcement really can’t do our job,” said Robert Flaim, supervisory special agent with the operational technical branch of the FBI. “Right now we are fighting a ground battle, but what I propose is that we start an air war.”

Part of that effort involves looking for choke points where potential criminal activity could be blunted. Law enforcement have had increasing contacts with the five regional Internet registries (RIRs), which are entities that assign IP (Internet protocol) addresses to network providers, Flaim said.

Cybercriminals have been able to build their own networks, pretending to be legitimate businesses. The Russian Business Network (RBN), a well-known group linked to malicious software, received an IP (Internet protocol) address allocation so it could essentially act as its own ISP.

The five RIRs either already have or are close to establishing law enforcement working groups. “We are on our way to establishing good relationships with the RIRs but we have to follow through,” Flaim said.

The RIPE Network Coordination Centre, a RIR that covers Europe, the Middle East and parts of Asia, has had increased contact with law enforcement over the last few years, said Roland Perry, RIPE NCC’s public affairs officer.

“We’ve had more requests for information about how we operate,” Perry said. “We’ve had more requests for information about ‘This member of yours seems to be misbehaving can you tell me a bit more about him please’.”

Meanwhile, efforts have been underway to educate judges and prosecutors about cybercrime, which can be highly technical.

Esther George, senior policy advisor for the U.K.’s Crown Prosecution Service, designed a training program for prosecutors, which is now used for the Global Prosecutors E-Crime Network (GPEN) initiative. In the U.K., some 120 prosecutors and 45 case workers now have e-crime training, she said.

But prosecuting e-crime also requires that juries understand the evidence as well. Plans are underway for videos that could be used in court that can explain, for example, how a Trojan horse works in a way that doesn’t overwhelm jurors with complicated technical concepts.

“The problem is developing this type of material is very, very expensive,” George said.

Copyright (c) 2010, IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.

US raises full body scanners in fly-by visit over terrorism

January 11th, 2010

DYLAN WELCH

THE push for full body scanners at Australian airports gained momentum yesterday during a visit by the deputy head of the US Department of Homeland Security, Jane Holl Lute.

She discussed the scanners with the federal Transport Minister, Anthony Albanese, during a one-hour briefing at Sydney Airport.

The meeting was part of a two-week, 10-country trip by Ms Lute to discuss stronger security measures after the attempted bombing of a US airline bound for Detroit on Christmas Day.

Ms Lute and Mr Albanese spent an hour discussing a combined response, including the prospect of using full body scanners at Australian airports.

The Federal Government conducted a six-week trial of the scanners at three airports in late 2008 to assess their effectiveness, but a report on that trial has yet to be handed to Mr Albanese. Like X-ray machines, the full body scanners can see through fabric to detect items hidden next to the skin. They can also see inside the body.

Umar Farouk Abdulmutallab, the Nigerian who is accused of trying to blow up Northwest Airlines flight 253 on Christmas Day, had boarded the flight in Amsterdam. The Dutch Government has since announced it will install the scanners for passengers boarding US-bound flights.

Mr Albanese said he had briefed Ms Lute about the Federal Government’s white paper on aviation security, which was made public last month.

“The challenge of dealing with the global terrorist threat requires an international response when it comes to aviation security and safety,” Mr Albanese said.

“What’s clear is Australia and our friends in the United States will continue to work closely to ensure that the threat of terrorism is met.”

The brief visit by Ms Lute was her seventh stop in the two-week trip, which aims at shoring up support for tighter security measures for US-bound flights.

Singapore and the United Arab Emirates were listed on her itinerary, and she had already visited England.

Source: The Age

Federal police to take over airports

December 29th, 2009

JONATHAN PEARLMAN, ARI SHARP AND SELMA MILOVANOVIC

THE Australian Federal Police will take control of security at the nation’s 11 busiest airports within three to five years under a plan to prevent understaffing at terminals and duplication of services by state and federal agencies.

Yesterday the Federal Government urged travellers going to the United States to be at airports an hour earlier than normal to allow for body searches, following the attempted bombing of a Northwest Airlines flight on Christmas Day.

The federal Transport Minister, Anthony Albanese, said he would not change the recent decision to ease restrictions on carry-on items, despite tighter security on flights to the US. Passengers can now take knitting needles, nail clippers and tennis racquets into the cabin.

The decision to hand control of airport security to federal police was made before the botched attack on the Northwest Airlines flight and followed an independent audit of the agency by a former senior public servant, Roger Beale.

The change is expected to lead to greater visibility of police at airports and end variations in security procedures.

At present the task is shared between state and federal police under a controversial arrangement in which the Commonwealth provides the funding and protective service officers while states provide the bulk of the sworn police.

The Federal Opposition transport spokesman, Warren Truss, questioned whether the Government had exactly followed security advice when changing the rules for carry-on luggage.

“What was the advice from the security agencies, and has the Government followed it to the letter?” he said.

Mr Truss said the Coalition was concerned about cutbacks to security. “They’ve been cutting Customs resource and staff numbers, and they’ve been cutting a lot of little things behind the scenes that you don’t notice until something goes wrong.”

The Minister for Home Affairs, Brendan O’Connor, said that under the changes protective service officers would be upgraded to fully sworn police.

The changes will take place at airports in Sydney, Adelaide, Melbourne, Brisbane, Canberra, Darwin, Hobart, Perth, Cairns, Alice Springs and the Gold Coast.

Jim Torr, chief executive of the AFP Association, said the move would improve security. “We were always dubious about bringing state agencies in to police interstate airports.” At present, he said, eight agencies were charged with performing the same functions, so the changes were appropriate.

The Beale audit, published two weeks ago, said some state police agencies were opposed to the move.

“Even with generous Commonwealth support, not all states have been either willing or able to provide the pledged level of staffing,” it said.

“The audit has reluctantly concluded – acknowledging it is a view not shared by a number of chief police officers – the [Commonwealth] model is likely to be more sustainable in the long run.”

On Saturday, the US Transport Security Administration introduced new security for all flights into the US until at least tomorrow, including pat-down searches at airport gates, physical inspection of all bags and a requirement that passengers stay seated for the hour before landing.

Jetstar bags ‘not adequately screened’

November 12th, 2009

Ewin Hannan - The Australian

  • Staff allege security lapse
  • Union threatens luggage ban

QANTAS has been hit with new safety fears after staff alleged bags were not adequately checked before flights.

The International Transport Workers Union (ITWU) has initiated separate legal action in the Federal Court alleging that checked baggage was not adequately screened and cleared before it was put on Jetstar aircraft on five occasions, The Australian reports.

The ITWU is threatening to impose bans on the loading and unloading of bags on Jetstar flights throughout the Oceania region unless the Qantas subsidiary addresses concerns over the alleged security lapses at Sydney airport.

The union claims to have written statements from Qantas employees alleging that bags were not adequately checked before flights bound for New Zealand, Honolulu and Phuket, in Thailand.

Tony Sheldon, the union’s national secretary, said he expected the ITF action could lead to disruption to passengers.

“I have no doubt whatsoever there will be a real possibility of restrictions on Jetstar around the Oceania area and I would expect that this will snowball into a response around the world,” he said.

“We take national security extremely seriously . . . and it’s our workers, it’s the families of our workers, that will be on the receiving end of this short-term, short-sighted approach.”

Qantas last night rejected the union claims. “This would appear to be another example of the TWU running an industrial campaign on the back of dubious occupational, health and safety, and security claims,” a spokesman said.

“This was something it did earlier this year and which damaged our business, inconvenienced our customers and was ultimately declared illegal industrial action.

“We are completely confident in our management of our security and OH&S responsibilities across the Qantas group.”

Mr Sheldon said the union had consistently raised its concerns with the federal government, the Sydney Airport Corporation and Qantas.

Experts agree on proposed global privacy standards

November 9th, 2009
November 9, 2009 – 2:08PM

Experts from 50 nations meeting in Madrid have reached a draft agreement on international standards for the protection of privacy and personal data, participants said on Friday.

Under the proposed standards, data may only be processed after obtaining the “free, unambiguous and informed consent” of the data subjects and it should be deleted when it is no longer necessary for the purposes for which it was gathered.

Data collectors must identify themselves, state in clear language the purpose of the data processing and the recipients of the gathered data.

International transfers of personal data may only be carried out to a country which “affords, as a minimum, the level of protection provided for in the document”, according to the proposed standards, agreed by representatives from privacy protection agencies.

“This agreement was reached with the active participation and support of civil society and industry,” the head of the Spanish Data Protection Agency, Artemi Rallo Lombarte, said at the end of the three-day gathering.

Participants hope the draft international standards will serve as the basis for a universal, binding legal instrument on data protection. But several cautioned that this is still a long way off given the different rules around the world.

“We have jumped over a first step but we have a long road, a very long road, ahead to arrive at a common, restricting legal framework,” said the president of France’s CNIL data protection agency, Alex Turk.

More than 1000 participants from around the world took part in the 31st International Conference of Data Protection and Privacy, which is billed as the world’s largest forum dedicated to privacy.

US Homeland Security Secretary Janet Napolitano and representatives from internet firms such as Google and Facebook were among those that took part in the event, organised by the Spanish Data Protection Agency.

The next such conference is scheduled for next October in Jerusalem. Previous gatherings have taken place in Strasbourg, Hong Kong, Sydney and Montreal.

AFP

Pervert ring ‘likely’ inside Customs

October 23rd, 2009

AAP – Fri Oct 23 13:25:00 EST 2009

A PEDOPHILE ring is likely operating inside Customs, a Senate inquiry has been told.

The claim was made by former Customs officer Richard Smolenski at the inquiry in Canberra today.

“My view is that a pedophile group is operating still in the Customs service,” he said.

The inquiry is investigating the Australian Commission for Law Enforcement Integrity.

Mr Smolenski says child porn was found in staff lockers during the 1990s but no-one was ever prosecuted.

He called for laws to be changed so they would “cover the Australian Customs service from the highest office to the lowest-ranking officer and everyone in between.”

Inquiry chairwoman Melissa Parke immediately alerted Customs chief Michael Carmody, who attended the hearing, to the claim.

“We will be sending you a copy of the transcript from this morning and we’ll also be sending a copy of that to the Commissioner for the Australian Federal Police.”