I went through the process of signing up to fly into the “Maryland 3″ this past week. The “Maryland 3″ (sometimes called the DC-3) are the three airports within the Washington flight restricted zone (FRZ) — College Park Airport, Potomac Airfield, and Hyde Executive Field. I travel to Washington, D.C. for business a fair amount, and it’d be nice to fly myself instead of US Airways (I’ve mentioned a couple of times how much I hate them). I’ll talk about the process in detail in a future post, but first I’d like to review how we’ve come to this point.

Before the September 11, 2001 terrorist attacks, the airspace around Washington, D.C. was unexceptional. There were small prohibited areas over the places you’d expect — the White House and Capitol, the Naval Observatory (home of the Vice President of the United States), et cetera — and the usual Class B airspace around the three large area commercial airports, Ronald Reagan Washington National, Baltimore-Washington International, and Dulles International. General aviation traffic over the nation’s capital was essentially as unrestricted as it was over any other major metropolitan area.

After September 11, the FAA imposed a temporary flight restriction on the area around Washington, forbidding any general aviation flights within 15 nautical miles of Reagan National Airport. (A similar flight restriction was put in place over New York City, but it was removed by mid-November.) By the end of February 2002, the FAA had implemented the precursor to the current policy, allowing pilots based at the 3 airports inside the TFR to undergo a Secret Service background check and file a special flight plan in order to fly in and out of their home airport.

For several months in early 2003, progress took a step backwards. On February 10, 2003, as a result of highly publicized airspace incursions (in other words, morons flying over Washington, D.C. without a clearance) and the national threat level being raised to “orange,” the FAA announced the implementation of the Washington ADIZ — which required that pilots entering an area roughly the shape of the Class B airspace of Reagan National, Baltimore-Washington International, and Dulles International airports from the ground to 18,000 feet acquire a discrete transponder code and maintain communications with air traffic control — and placed new restrictions on the Maryland 3, including the requirement to undergo security inspections before takeoff, and to land at a “gateway” airport in Annapolis for inspection before entering the flight restricted zone. The new Maryland 3 restrictions remained in place until the national threat level was lowered to “yellow,” but the ADIZ remained even afterwards.

Aside from the “gateway” airport restrictions coming and going depending on the national threat level, procedures at the Maryland 3 remained the same for two years. It wasn’t until February 2005 that the FAA transferred authority for the Maryland 3 procedures to the Transportation Security Administration, and the current procedures came into effect. These include driving to the airport you’d like to have clearance to fly into (such as College Park) and watching a TSA security video, driving to the Flight Standards District Office and having your documents reviewed, and being fingerprinted at Reagan National Airport.

Here’s a link to the government’s page on the Maryland 3 procedures.

Finally, the Washington, D.C.-area air defense identification zone, or ADIZ, has been reduced to a smaller, easier size and shape:

Now, instead of the Mickey-Mouse shape that encompassed the outline of all three area Class B airspaces (from the surface to 18,000 feet), the ADIZ is an almost-perfect 30-mile-radius circle around the DCA VOR at Ronald Reagan Washington National Airport. This removes several airports from the ADIZ, most notably Martin State Airport in Baltimore, and only adds one, the Quantico Marine Corps Airfield, which isn’t available to the public anyway. So this is a major win for general aviation.

It’s also a major win for everyone, because the ADIZ puts a burden on the air traffic control system (since the controllers have to identify, communicate with and keep track of every VFR flight within the ADIZ boundaries), it puts a burden on the military and civil patrols that are forced to respond to the hundreds of innocent aircraft who accidentally stray into the ADIZ boundaries, and it provides absolutely no additional security to the Washington area. The biggest victory will be when the ADIZ finally goes away entirely.

I’m delighted that I won’t have to worry about the ADIZ during my flights to Martin State Airport anymore. It hasn’t been as bad since I received my instrument rating, since I could just fly in IFR and there was essentially no difference within the ADIZ than on any other IFR flight (except that I couldn’t cancel IFR until I was on the ground, which I wouldn’t have anyway since Martin State is a towered airport). Flying into the ADIZ VFR, though, was nerve-wracking. It was always hard to reach a controller, since the frequencies were generally overburdened with other VFR traffic trying to get their ADIZ squawk codes. I spent 15 minutes circling around outside the ADIZ at one point, trying to raise someone while also watching for other traffic; since you could only enter the ADIZ via a couple of different points along its border, there was a very good possibility that someone else would be circling around in exactly the same spot trying to get their ADIZ clearance at the same time that I was trying to get mine. It was a mid-air collision waiting to happen (again, for no other reason than to allow security people to claim that they’re doing something, because the ADIZ doesn’t make the Washington area more secure).

It took the FAA six years to make this long-awaited modification. Hopefully they’ll go the rest of the way within the next six.

This ComputerWorld article about security vs. productivity just about sums it up, especially this bit here (and check out the comments in that article):

One blunder, and we’re front-page news. Not on my watch, thanks.

Security offices are all about ass-covering, and it’s instructive that she works for a government organization, where you don’t have to worry about the security/productivity trade-off as much because there’s little risk of going out of business and putting your own job at risk; you’ll just spend more taxpayer dollars.

See also: NMCI. Most successful productivity destroyer in the history of security boondoggles.

For the past year or so, my employer has had a new policy in place to improve the security of our passwords: all passwords must be at least fifteen characters and they must contain two lowercase letters, two uppercase letters, two numbers, and two non-alphabetic non-numeric symbols (like @ and %). Passwords must be changed every 60 days, and you can’t use some number of your last passwords, but I haven’t figured out what that number is yet.

Except for passwords that I use every single day (which is actually very, very few) and therefore have some chance to remember, this means I have to do one of two things. Either I create a 15-character, impossible-to-remember password and forget it, requiring a call to tech support to reset my password (and if it’s after 5 PM and tech support is gone for the day, so is my opportunity to get anything done), or I write the password down someplace, which seems to me to defeat the purpose of complex passwords.

Can’t we balance the complexity of the password and the amount of time I have to waste getting passwords reset and coming up with new ones every 60 days, against the likelihood that somebody would want to input a time-off request for me or file a travel claim in my name? Is it really necessary for these systems to have this kind of password complexity?

President Bush is coming to Newport this Thursday.

It will be interesting from a piloting point of view because this will be my first experience with the temporary flight restrictions that move around with the President of the United States. The TFR is a lot bigger than I expected; there will be no-fly zones for ten nautical miles around both Quonset State Airport, where I presume Air Force One is going to land, and the Naval War College, where the president will be speaking. There’s also a zone with a 30-nautical mile radius which appears to impose restrictions along the lines of the District of Columbia ADIZ (air defense identification zone)–you’re allowed to fly in it, but you have to be on a discrete transponder code, and you have to be in contact with air traffic control. Additionally, flight training, parachuting, and other flight activities that don’t involve flying in a straight line from one place to another are disallowed. This 30-mile zone is going to include the airports in New Bedford, Taunton, Block Island, and Westerly.

(Click on the map for a larger version.)

Newport State Airport, of course, is within both 10-mile no-fly zones, and it’s where my airplane is tied down, so I’ll be barred from flying for the duration of the restrictions, which are scheduled to be in effect from about 10 AM to 4 PM.

I don’t think it’s been announced yet, but I assume that the president will be transported via helicopter from Quonset State Airport to the Naval Station in Newport, rather than motorcading across the Narragansett Bay bridges.

What are your opinions on the temporary flight restrictions? My first impression is that they’re unlikely to stop a determined attacker. How hard is it to get a discrete transponder code and to stay in contact with air traffic control, which is enough to get within 10 nautical miles of the president’s location? From there, even a slow general aviation aircraft would be able to cover the distance before the president’s security team could likely react. I don’t want to see the no-fly zones get any bigger, though; while the president’s safety is important, so is not having his travel shut down the aviation economy within large radii of his location. This Thursday, for example, anyone who has scheduled any sort of flight training, parachute jumping, or banner-towing is going to have to re-book; those activities are forbidden even within the larger 30-mile circle. General aviation activity at Providence, Quonset, and Newport is going to be halted entirely. Flight instructors, sightseeing operations, and many other small aviation-related businesses within 30 miles of the Naval War College are going to lose over 6 hours of business.

And of course, scheduled airline service into Providence (which is within the 10-mile no-fly zone) is completely unaffected by the flight restrictions–even though the only aviation-related terrorism we’ve experienced has been committed on or against scheduled airliners.

I’d love to hear your comments and opinions; please send them to comments@charlesorourke.com and I’ll respond in a future column.