Welcome to the Fast Track

R. A. Hettinga rah at shipwright.com
Fri Mar 26 08:07:32 PST 2004


They didn't say where to, exactly, but we can guess...

Cheers,
RAH
-------

<http://www.forbes.com/fyi/2004/0329/066_print.html>

Forbes



EZPass
Welcome to the Fast Track
Matthew Reed Baker,   03.29.04



Airport security can be traveler's hell. If you've been waiting for a quick
pass, you may not have to wait much longer.
 On a hot Wednesday evening last summer, Ed Larson was waiting in a
passenger screening line at Philadelphia International Airport when the man
ahead of him tried to get a bullet through the X-ray machine. It was a
replica attached to a keychain, about two inches long, perhaps for a .357
Magnum, and security personnel wanted to confiscate it. "The guy went
absolutely berserk-o," says Larson, a vice president at Wachovia
Corporation's headquarters in Charlotte. "The line was backing up, and
there was a lot of pent-up anger as it became clear he was fighting over a
bullet. I mean, I can't even get my shaving blades through security!"

Most agree that security nightmares at many airports have decreased since
tough new measures were first imposed following the terror attacks of
September 11, 2001. But bottlenecks are still common--and unpredictable. In
response, the U.S. government's Transportation Security Administration
(TSA) hopes to begin streamlining the security process for frequent flyers
as soon as this year. With the involvement of private technology companies,
the agency is developing a system that aims to keep security tight while
making travel easier and faster for passengers who often have to arrive at
the airport two hours ahead of takeoff. "If there were something like an
E-ZPass for frequent travelers," says Larson, "I'd have to say I'm
interested."

Last October, the TSA received $5 million from Congress to begin testing
its "Registered Traveler Program," a less Orwellian name than previous
suggestions that singled out "trusted" or "known" travelers. The idea
sounds simple: Passengers who choose to enroll in the program would have to
pass a deeper background check than the usual commercial-database searches,
such as those performed by banks when you open a new account. Once the
traveler is cleared as no-risk, the information is encoded on a
computerized "smart" card, along with the traveler's unique biometric data,
such as fingerprints or iris patterns. Registered travelers would still
have to pass through a magnetometer, but unless the machine were to go off,
they would be exempt from those wand-waving "secondary screenings" and
behind-the-partition gropings that now befall about every seventh person in
line. Eventually, a separate queue may become available for registered
travelers. Enrollment could cost less than $100 a year.

If the TSA's plan sounds vaguely familiar, it's because some of its basic
structure is derived from CAPPS II (Computer Assisted Passenger
Prescreening System), a controversial agency initiative launching this year
that would require the airlines to provide the name, address, telephone
number and date of birth of all airline passengers. The information would
be checked against government watch lists, and each passenger would be
assigned a numerical and color rating based on their level of risk. Unlike
CAPPS II, however, the Registered Traveler Program would be strictly
voluntary.

And how many volunteers might actually welcome the E-ZPass--or at least the
E-Zer Pass--at check-in? A 2002 Business Travel Coalition survey queried
roughly 400 frequent business travelers--all of whom expected to purchase
an average of 38 round-trip tickets for that year alone--and found that
more than 70 percent of them supported the idea.

While prescreening remains in its early stages in the U.S., similar systems
are up and running at Amsterdam's Schiphol Airport and Tel Aviv's Ben
Gurion Airport, one of the most security-conscious facilities in the world.
Six years ago, Texas-based Electronic Data Systems (EDS) set up its Express
Entry system at Ben Gurion, and today more than 100,000 travelers have
enrolled, or about 15 percent of the airport's passenger traffic. (A $25
registration fee pays for the background check, the biometric encryption
and the I.D. card.) The system ensures that individual travelers have no
criminal record over a 10- to 15-year period. A "smart card" is encoded
with this information as well as hand-geometry data, which contains dozens
of measurements of the fingers, shapes of knuckles and distances between
joints.

Upon arrival at Ben Gurion Airport, registered travelers proceed to an
automated kiosk where they swipe the card and have their hands read by a
scanner. The result has been impressive: Time spent at passport control has
dropped from almost two hours at peak periods to an average of 20 seconds.

"[The system] provides two levels of security," says Mike Hulley, president
of EDS Transportation Global Industry Practice. "First, you're really
proving the person is who they say they are, and second, you're proving
that this person has a good background. Biometrics are not infallible, but
smart cards are triple-encrypted and 99.99 percent safe. Any tampering with
the card destroys it, and if for some reason you don't get a match, you are
sent back through regular security." So far, says Hulley, the system has
handled more than two million entries and exits without a single security
breach.

Ben Gurion is only one airport, however. The TSA must contend with 450 U.S.
airports, which makes standardizing any one system difficult. And then
there's the thorny question of privacy: How much information is enough;
exactly what criteria deem a passenger no-risk; and who keeps the data?

"The technology is easy compared to how difficult the policy is," says
Jeremy Grant, vice president with Maximus' enterprise solutions division,
which is developing a similar system called FlySecure. "Privacy is a huge
concern in any system that uses background checks and biometric
information. You need a number of safeguards, such as provisions that limit
the information to what's needed for that time, and also strict limits on
disclosure so that it's not abused. On the tech side, you also have to make
it secure so that nobody can hack into it."

That the Registered Traveler Program is voluntary would seem to eliminate
any possibility of institutional coercion to surrender privacy. Still,
Barry Steinhardt, director of the American Civil Liberties Union's
Technology and Liberty Project, recently warned: "It would not likely
remain truly voluntary for long as passengers are for all intents and
purposes forced to get one in order to avoid humiliating and inconvenient
'second class' treatment at the gate." Steinhardt continued: "Not only are
terrorists going to be able to bypass security through forged documentation
and fallible technology, the little guy is going to be subjected to the
same hassles at the airport, while the first-class or business passenger
gets a free pass."

It is perhaps premature to condemn the Registered Traveler Program as
technologically flawed and elitist before it's even been tested. There is,
in fact, at least as much reason to believe that the system will be
sufficiently secure and, like airline travel itself, inexpensive enough to
be available to most people who choose to use it.

Just when we'll have that choice is hard to predict. But it probably won't
be too long until some form of an E-ZPass begins easing rush-hour lines at
airports. Until then, like Ed Larson, we'll all just have to bite that
bullet.



THE EYES HAVE IT
>From James Bond to Tom Cruise in Minority Report, iris scans have given
many a movie a futuristic allure. But the reality is that the technology
may soon be coming to an airport near you.

Unlike a finger scan, which typically identifies 40 data points, iris
recognition confirms more than 250. No two irises are alike: Even a
person's left and right eyes are different, and identical twins do not
share the same patterns. Consequently iris scans have an error rate of only
about 1 in 131,000, compared with roughly 1 in 500 for fingerprints.
Machines used to scan irises, however, are far more expensive than those
used to match fingerprints, and training users takes longer.

One place it is successfully at work is at Amsterdam's Schiphol Airport,
where thousands of eyeballs have been scrutinized since the program began
in 2001. Passengers enrolled in that airport's registered traveler system
swipe their Privium smart card through a scanner, stare into a video camera
and, in the blink of an eye, they're through.




-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





More information about the cypherpunks-legacy mailing list