by Cheryl-Anne Sturken | May 01, 2018

In October 2017, when a lone gunman killed 59 people and injured more than 500 others attending an outdoor music festival in Las Vegas -- an act he committed from a 32nd-floor guest room he had converted into a sniper's nest at the Mandalay Bay Resort & Casino -- the topic of hotel security was thrust into the national spotlight. How, asked many security experts, hoteliers and the general public, was Stephen Paddock, the 64-year-old shooter and a frequent guest of the hotel, able to take nearly two dozen rifles and handguns, along with hundreds of rounds of ammunition, up to his room without anyone at the hotel noticing something was amiss?

Video released in the months following the horrific incident shows him riding the hotel's service elevator and chatting with hotel employees as he transported several pieces of luggage filled with weapons to his room. Even more perplexing was the fact that the events unfolded in a casino hotel outfitted with hundreds of surveillance cameras because of the large amounts of cash on premises.

"I have watched that hallway surveillance tape many times, and I can't believe they didn't pick up on all the suspicious activity and red flags this guy was giving off," says Peter Yachmetz, a retired FBI agent with 29 years of field experience in behavior assessment, who now runs his own security consulting business in Florida. "How many people come into a hotel and go up a service elevator with huge amounts of luggage?"

Following the release of the video, Debra DeShong, senior vice president of global corporate communications and industry affairs for MGM Resorts International, Mandalay Bay's parent company, stated, "Paddock gave no indication of what he planned to do, and his interactions with staff and overall behavior were all normal. MGM and Mandalay Bay could not reasonably foresee that a longtime guest with no known history of threats or violence, and behaving in a manner that appeared outwardly normal, would carry out such an inexplicably evil, violent and deadly act."

Still, questions linger. And, as the hotel industry watches and waits for the outcome of the more than 450 lawsuits related to the shooting that have been filed against MGM Resorts International, Mandalay Bay Resort & Casino and the promoters of the outdoor concert, Rte. 91 Harvest -- litigation that could take years to unfold -- hotels and casinos have been forced to confront their security vulnerabilities.

Balancing Security and Hospitality
Hotels are in the hospitality business, so the idea of moving to the standard airport-terminal model of explosive scanners, X-ray machines, bag searches and pat-downs is not desirable. "Hotels don't want to create an environment that when you walk in, you are going to feel there is a problem. That is not the image they want to project," says Fred Del Marva, a Glendale, Ariz.-based security expert and private investigator.

In countries such as Egypt, India, Indonesia and Libya, however, a heavy premium is placed on physical security, and it has become increasingly intense and invasive. Visible, heavily armed guards at entrances, explosive-trace detectors, X-ray systems and even facial-recognition software that allow employees to identify visitors as they approach the hotel, are routine -- and for good reason, in light of high-profile acts of terrorism that have occurred at various properties over the past few years. Among such incidents:

 In India in 2008, the luxury Taj Mahal Palace Hotel was one of the buildings bombed and stormed by militants in a series of coordinated attacks across the city of Mumbai that left a total of 166 people dead.

 In Indonesia in July 2009, nine people died in a double-suicide bombing targeting the luxury Ritz-Carlton and Marriott hotels in Jakarta's business district.

 In late 2015, a nine-hour siege at the luxury Radisson Blu Hotel, Bamako, in Mali's capital left 20 people dead, including 14 foreigners.

 As recently as this past January, in Afghanistan, Taliban gunmen stormed the InterContinental Kabul, killing 18 people, including 14 foreigners. Some 160 hotel guests and employees were eventually rescued after Afghan special forces fought throughout the night to regain control of the six-story hotel, but not before several guests trapped on the top floor had jumped to their deaths.

In the U.S., however, security at hotels, other than those cash-filled casinos, is largely focused on avoiding petty theft, limiting late-night lobby brawls, curbing drunk behavior, responding to noise complaints and ejecting non-guests found prowling the hallways seeking a crime of opportunity provided by a random guest-room door left ajar.

"Because of the media, active shooters get a lot of attention," notes Paul Frederick, co-founder of Hospitality Security Advisors in the New York City area and former head of global security for Starwood Hotels & Resorts. "The reality is that hotel theft is much more likely to occur. I wouldn't say that hotels are investing in hardening their facilities, but they are spending a lot of money preparing and training their staff. The most positive thing that ever came out of 9/11 is the 'If you see something, say something' philosophy. It really has helped."

Stephen Barth, Conrad N. Hilton College
of Hotel and Restaurant Management

"The biggest challenge today is that brands have moved away from owning hotels to an asset-light franchise mode," says Stephen Barth, professor of law and leadership at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston, and founder of the online site HospitalityLawyer. "In the franchiser relationship, the franchise hotel is expected to manage safety and security protocols for themselves." And, that, he adds, can differ wildly from hotel to hotel, even within the same brand.

Making Changes
After the Mandalay Bay shooter incident, there was intense media chatter about hotel security, and much speculation from security experts on what changes needed to be made and programs implemented. All of the hotel companies contacted for this article -- including Marriott, Hilton, Hyatt and Omni -- declined to comment, saying they never discuss security protocols at their properties.

"My guess is we will see more security cameras at many hotels and more monitoring of people who bring many large packages to a hotel room," says Bjorn Hanson, clinical professor with New York University's Preston Robert Tisch Center for Hospitality and Tourism. "But I don't think the Las Vegas event will lead to more intrusive measures." Hanson adds, however, that pressure for greater security could come from the insurance industry, which could lead to more rigorous training on aspects such as noticing suspicious behavior or reporting unusual items in guest rooms.

Since November 2017, Hilton Worldwide, Walt Disney World, Boyd Gaming as well as Hong Kong-based Shangri-La Hotels & Resorts have amended their "Do Not Disturb" guest-room protocols. For Hilton's part, last November the chain instructed all properties to update their guest directories with the following language: "We understand and respect your need for privacy. The hotel reserves the right to visually inspect all guest rooms every 24 hours to ensure the well-being of our guests and confirm the condition of the room."

One month later, Walt Disney World replaced "Do Not Disturb" signs at four of its Orlando resorts with "Room Occupied" signs. The company's new policy requires that a hotel employee enter every guest room every 24 hours at its Polynesian Village Resort, Grand Floridian Resort & Spa, Contemporary Resort and Bay Lake Tower, which are along the Monorail loop in the Disney's Magic Kingdom theme park. New guest information packets state, "The hotel and its staff reserve the right to enter your room for any purposes including, but not limited to, performing maintenance and repairs or checking on the safety and security of guests and property."

Similarly, Lori Lincoln, corporate director of communications for Shangri-La, reports that her chain's new policy decrees "all occupied rooms will be checked at least once a day."

Boyd Gaming, which operates 10 hotels in Las Vegas, also changed its "Do Not Disturb" policy. "We advise people upon check-in that we will conduct a safety and welfare check after a 'Do Not Disturb' sign has been in place for two consecutive days,'' as opposed to the former three-day policy, according to spokesperson David Strow. "That policy applies to all of our properties."

While none of the these hotel companies has said their policy changes were in response to the Las Vegas attack, the timing is hard to ignore. Shooter Stephen Paddock reportedly had placed a "Do Not Disturb" sign on his Mandalay Bay guest room for the three days leading up to his shooting spree.

Paul Frederik,
Hospitality Security Advisors

"Hotels are very good at learning lessons," says Paul Frederick. "Every time they hear of a case, lawsuit or incident, they make changes. They are very good at talking and collaborating with other security directors."

Turning to Technology
When talk turns to security, most people think of hotel surveillance cameras. The truth is that because technology is moving so fast in the smart-lock sector, more data is actually captured from the locks on guest rooms.

Every time a smart lock is activated, it compiles information on when and how the room was accessed, including by which type of hotel employee -- housekeeping, maintenance or room service -- time of exit, if the door did not lock properly and if a fraudulent key was used to gain entry. And, when suspicious activity is reported to the hotel's main server, closed-circuit cameras in the area can be redirected to record it and have security staff dispatched to the room. "Locks have become so intelligent, they are monitoring every room in real time and relaying it back to the in-house system," says Frederick. "They are basically creating forensic data."

Clear, the New York City-based company that uses biometrics -- a fingerprint and iris scan -- to speed travelers through airport security in dedicated lanes, is now bringing its technology to the hotel industry, with systems in place at 24 properties in the U.S. so far. The goal, says Joe Trelin, Clear's senior vice president of corporate development, is to make secure check-in at hotels as smooth as possible.

"When you scan your finger or iris, the device recognizes who you are, brings up your reservation and prints out your key," says Trelin. "You can also move your key to your smart phone." By using biometrics at the check-in point, he adds, there is no need for guests to take a wallet and hand over credit cards, which can then be compromised. "There is no exchange of personal data, because your identity is the point of sale," he notes.

Meanwhile, the 2,956-room Westgate Las Vegas Resort & Casino, adjacent to the Las Vegas Convention Center, is going beyond standard surveillance cameras and security guards and beefing up its security infrastructure with groundbreaking new technology. The hotel has begun testing a new tool marketed by Patriot One Technologies, a Toronto-based security-tech firm. Called Patscan Cognitive Microwave Radar, it is small enough to fit into turnstiles, doorways and panels, and can detect a range of concealed weapons, including knives, pistols, rifles, machetes and pressure-cooker bombs, using a weapons database. If a match is made, the device sends a signs that notifies the hotel's security system.

"We want to maintain a safe environment, and we don't want guests bringing weapons on-site," says Mark Waltrip, chief operating officer for Orlando-based Westgate Resorts. "We don't want that kind of surprise."