Saturday, July 9, 2011

When there are multiple security programs, is there any security program?

[DISCLAIMER: I AM EMPLOYED IN THE BIOMETRICS INDUSTRY. THE REASON FOR THIS DISCLAIMER WILL BECOME OBVIOUS AS YOU READ THIS POST.]

The Minneapolis Star-Tribune reprinted a Chicago Tribune article (and yes, it's from this year) that was originally written by Jon Hilkevitch. The Star-Tribune's article title is "Pilot screening test raises security fears." Hilkevitch contacted a number of organizations regarding the "KnownCrew" test at O'Hare and Miami International Airports. Among the organizations contacted by Hilkevitch were the Reason Foundation, the Air Transport Association, Congressman Bennie Thompson, and the Airports Council International.

I was curious about the Reason Foundation's stand on the KnownCrew program. In the article, the Reason Foundation's Robert Poole decried the lack of biometric verification of KnownCrew participants. (KnownCrew relies on visual examination of a photo ID, coupled with textual information on the person gathered from employment records.)

But when I went to the Reason Foundation's own website, Poole painted a picture of a system that goes well beyond whether or not it uses biometrics. Actually, I shouldn't say "system" - I should say "systems." But first, let's start by looking at the need for a separate system for airline personnel.

It ought to be a no-brainer: provide a simple way to enable cockpit and cabin crew to bypass TSA’s one-size-fits-all screening checkpoints. After all, cockpit crews have control of a potentially lethal guided missile. Some are authorized to carry guns, and all have access to a large rescue axe in the cockpit; surely we don’t need to check them for box-cutters.

So a system was approved for test.

CrewPass .. has been in airport testing (at Pittsburgh, Columbia, and Baltimore) since June 2008. It meets the basic requirements set forth by TSA in June 2009 (real-time verification of employment, biometric confirmation of identity, and capable of handling both cockpit and cabin crew). It uses ARINC’s Cockpit Access Security System (CASS), but many airlines don’t want to pay ARINC to gain access to their own data employee data for this purpose. And CrewPass is intended to be domestic-only, which limits its appeal to many airlines with extensive international routes.

So a second system emerged.

Southwest proposed a test of a different system, which TSA allowed to be implemented for a two-month pilot program at BWI in autumn 2008, jointly sponsored by Southwest, its pilot union, the Coalition of Airline Pilots Associations (CAPA), and Priva Technologies (which developed the biometric verification technology). That test was considered a success. Last November, American Airlines proposed an improved version of that system to be implemented first at its DFW hub. Called SecureCrew, it has been endorsed by the International Air Transport Association (IATA) as the proposed international system, with KLM designated as the first international participant.

The request for KLM participation was denied by TSA, by the way.

Now the third system, KnownCrew, has emerged:

The Air Transport Association (ATA) and pilots’ union ALPA have received TSA approval to test their KnownCrew system at Miami and Chicago O’Hare, beginning as early as the end of June. ATA will provide laptop computers for TSA checkpoints at MIA and ORD, which will tap directly into airline personnel databases to verify employment status (bypassing ARINC’s CASS). It will apparently not include a biometric verification—both SecureCrew and CrewPass use fingerprints for this purpose—which means it does not comply with all of TSA’s June 2009 specifications.

So there are three...um...pilot systems, none of which has been approved. Poole blames TSA for the current impasse:

It needs to move speedily to a decision and get the selected system into widespread U.S. airport use.

Now however one might feel about biometrics, or however one might feel about airlines having to pay someone else to access their own data, the fact remains that for whatever reason, there are now three competing security systems. And while competition is certainly good in the economy, the use of three differing security systems causes big security loopholes, since a potential security threat can pick and choose his/her entry into the system based upon the security technology that will let him/her through the security gate.

Multiple security programs result in no security program at all.

Granted that this is a pilot, but based upon the way that government works, who knows how long it will take to resolve the differences between the various systems.

(And I repeat my common assertion: for those who fear that Big Brother will result in a bunch of agencies working together to gang up on you, this is yet another example of how a single agency is unable to work with itself. If the TSA can't agree on something, then how are the TSA and Mossad and the Rockefellers going to work together?)
blog comments powered by Disqus