TSA has big biometric ID management plans. Privacy, paranoia remain hurdles
Two decades after the U.S. Transportation Security Administration was formed to prevent people from bringing hazards aboard commercial jets, TSA officials say they are ready to raise the curtain on an agency that is more focused on biometric identities.
The interminable search for threats like explosives and handheld weapons is not going away. But the government is building what officials say will be a massive, integrated biometric-data security infrastructure designed to keep terrorists and criminals away from gates.
There are only two surprises in a recently published TSA roadmap for digital identity — in this case, largely facial recognition — management.
One is that it took the U.S. government’s youngest bureaucracy so long to make it a defining feature. The other is a less-than-robust statement on travelers’ privacy.
Examples of serious ID management programs have been or are well on the way to being a major focus in overseas intelligence, defense and NASA.
The department’s goals are boilerplate, a list any number of large companies have drafted for their own digital ID management launches.
Overall, the TSA wants a cohesive ID management infrastructure across the department and with outside partners that improves security, increases the number of people using the infrastructure, makes traveler experiences better and boosts operational efficiency.
TSA has produced a three-minute video depicting the use of CAT-II devices from Idemia to add biometric matching to document checking, in a two-step, self-serve process. The video depicts TSA’s one-to-one face biometrics matching and facial recognition checks against passenger manifests for flight boarding. The agency is also working on an automated gate version, called AutoCAT.
To date, critical digital ID management functions have been administered separately. That includes enrollment and reservation, ID proofing, vetting and ID verification.
Officials also have four specific goals set out in the roadmap.
ID management must make enrollment and travel reservation better. Also, officials want to expand and update standards for ID proofing to support vetting and verification tasks. At the same time, the TSA wants to continuously upgrade agents’ vetting capability as attacks and threats evolve. And last, officials want appropriate ID verification supported across the department.
Comparing what the TSA wants to achieve to like efforts at NASA, the defense department and others is not hyperbole. The department claims that this year, 3 million passengers of commercial aircraft will be vetted each day.
The roadmap spends less time on privacy, however.
The department will “incorporate privacy considerations into each phase” of ID management development. Unspecified restrictions will stop biometric and biographic data from being used for anything but transportation security.
Elsewhere in the document, it says the TSA “recognizes its important role in safeguarding” the personal information that people volunteer “and will continue to adhere to laws” covering privacy.
To illustrate just how difficult the privacy puzzle is for the TSA, this month it was forced to respond to questions about the collection of historical Amtrak passenger manifests.
In December, the TSA said Amtrak officials asked the agency (which also oversees rail travel) to assess the threat posed by passengers. Data was collected for completed travel — not scans prior to a trip — including billing address, phone, email, ticketed destination and actual destination.
Passengers were checked against watchlist to see if criminal suspects on a watch list were riding the rails.
For reasons not given, the TSA published a note April 8 clarifying what was done for the privacy impact assessment and why. It is a safe assumption that questions or complaints about the project prompted an official to explain again in hopes of stanching more vocal protests.
Also on April 8, an anti-government conspiracy group had posted online information that could lead some people to think the TSA was looking at reservations and not records of past travels.
The piece said the December notice was “quietly” made public. It was posted at the same volume as virtually all of the thousands of notices that come out of Washington, D.C. daily.
airports | biometric identification | biometrics | Credential Authentication Technology (CAT) | digital identity | facial recognition | identity management | identity verification | transportation | travel and tourism | TSA | U.S. Government