May 20, 2015 -
The International Biometrics & Identification Association (IBIA) has spoken out against the Transportation Security Administration’s (TSA) decision to exclusively use biographic data solutions in order to expand the PreCheck travel screening program, arguing that biometrics should continue to serve as the procedure’s foundation.
The TSA issued an RFP in late December for PreCheck expansion that seeks third-party vendors to “pre-enroll” passengers into the program, which would allow private vendors to use commercial data and proprietary algorithms to create a “risk-score” for passengers to determine eligibility.
The RFP was temporarily withdrawn for various technical and policy reasons that are currently being resolved, however, the TSA has reaffirmed its intention to change the established screening process for PreCheck applicants to depend on data from commercial data brokers and proprietary risk-scoring algorithms.
“This new practice lacks the necessary accuracy to identify security risks and poses a serious threat to applicant privacy, noting that the current system of biometric-based FBI criminal history records checks (CHRC) has a true match rate on fingerprints of 98.6%, whereas the performance of these algorithms varies greatly and remains largely unproven on such a mass scale,” said Tovah LaDier, IBIA’s managing director.
The FBI biometric-based CHRC is considered a key aspect of background checks worldwide and throughout the US, serving as the foundation of TSA’s security threat assessment process for the program.
Now TSA has called on vendors to perform less-reliable, name-based background checks that include personal data taken from social media, location information, retail purchase history, and blog posts.
“We’re talking about teaching machines how to spot dangerous behavior, Chris Calabrese, senior policy director at the Center for Democracy and Technology, told the FederalTimes. “It’s easy to do when you’re talking about credit card fraud; there’s billions of transactions and lots of fraud and you can teach the machine exactly what to look for. It’s very hard to do when it comes to terrorism, for which there are very few examples and which are very diverse.”
The IBIA argues that biometrics already are already an integral part of the traveler vetting performed by most DHS components, offering proven benefits.
Additionally, the TSA’s proposed use of commercial data and proprietary risk-scoring algorithms could result in identity theft in the event that cybercriminals successfully compromise personal biographic data, addresses, driver’s license numbers, and credit card numbers.
Alternatively, biometrics used in prescreening applications like PreCheck only describe the user’s physical identity, whose value pales in comparison to large amounts of personal biographic, and other commercial data, says IBIA.
The IBIA urged the TSA to reconsider its plan to rely only on private company partnerships that use biographic data in the PreCheck application process.