|
|
If your name is David Nelson you can expect to be hassled, delayed, questioned and searched before being allowed to board aircraft anywhere in the United States for the foreseeable future.
Since the horrific attacks on Sept. 11, 2001, the federal Transportation Security Administration has, without any public announcement, created a two-tiered list of names "to protect our aviation system," says Nico Melendez, the agency spokesman for the West Coast, who is based in Los Angeles.
The name David Nelson apparently is on one of those lists.
"There is a 'no-fly' list," he says. "That's people who cannot fly, period," because they've been determined to be or are suspected of being "a threat to civil aviation or to national security."
http://www.oregonlive.com/news/oregonian/margie_boule/index.ssf?/base/living/1051877124142830.xml
Computerized Analysis Changed in Response to Criticism That It's Intrusive
By Robert O'Harrow Jr.
Washington Post Staff Writer
Saturday, June 14, 2003; Page E01
The Transportation Security Administration has altered plans for a computerized passenger screening system, in part because of criticism that earlier proposals would have been overly intrusive, according to documents and interviews with government officials.
Under the new approach, the system known as CAPPS II would draw less personal information about passengers into the government computers, the documents show.
Instead, the system will rely on commercial data services that will authenticate passenger identities using mathematical models developed by the TSA and a wealth of personal details collected for marketing and business purposes.
http://www.washingtonpost.com/ac2/wp-dyn/A57122-2003Jun13?language=printer
>> Credit card information used for passenger screening? The full story is at:
By James M. Loy
USA Today, 25 June 2003
Securing air travel from terrorist threats is a demanding
responsibility of the Transportation Security Administration
(TSA). That's why there is a no-fly list to help keep terrorists off
aircraft and why we are developing a second-generation
Computer-Assisted Passenger Prescreening System, known as CAPPS II.
The TSA is the first to agree that our current system for prescreening
passengers is outdated, oftentimes resulting in frustrating delays for
innocent travelers. The result is greater reliance on the list of
individuals who may be a threat to aviation, based on information from
federal intelligence and law enforcement agencies. That situation
presents challenges -- challenges the TSA is determined to meet, not
just grouse about.
First, a small number of travelers with names similar to those on the
no-fly list often are delayed when getting boarding passes. So far, we
have heard from a tiny number of the 45 million people who fly each
month. To date, only 16 of them have sought relief from the TSA.
Second, all 74 domestic airlines check passengers against the list
using procedures they individually determine. The result is sometimes
inconsistent application of the procedure for clearing travelers,
leading to those frustrating delays. To address both problems, the
TSA is offering real solutions. Short-term, the TSA has developed a
way for those travelers who experience a delay getting a boarding pass
to seek relief by writing our Office of the Ombudsman for information
about a new clearing process (e-mail ombudsman@dhs.gov). In fact,
airlines already have been notified about several of those passengers,
whose travel experiences now should be more pleasant. The long-term
solution is CAPPS II, which would take routine passenger information
-- name, date of birth, home address and home phone number -- and
check it against private-sector databases to confirm a passenger's
identity. The result should be a more consistent approach to
pre-screening passengers, improved security and less hassle for
everyone.
In developing CAPPS II, the TSA initiated a national dialogue with
everyone concerned, including privacy advocacy groups. The goal was to
ensure that privacy is maintained while security is enhanced. In the
near future, the TSA will provide additional information about CAPPS
II to address public complaints and concerns. We want to have a clear
written record, against which the public can hold us accountable.
When it is implemented, CAPPS II will be a carefully limited system
that reflects American values. Our intent is not to be intrusive, but
to stop those few people who pose a threat. With both solutions, the
TSA is underscoring its commitment to deliver security and customer
service to everyone boarding a flight. Adm. James M. Loy is
administrator of the Transportation Security Administration. The new
system will have more checks to limit mistaken identity.
Government Is Considering Using X-Ray Technology At Airport Security
Checkpoints
EGG HARBOR TOWNSHIP, N.J. 6.25.03, 5:30p -
Susan Hallowell steps into a metal booth that bounces X-rays off her skin,
producing a black-and-white image that reveals enough to produce a
world-class blush.
To the eye, she is dressed in a skirt and blazer in dark, businesslike
colors.
On the monitor, the director of the Transportation Security Administration's
security laboratory is naked, except for a gun and a bomb that she hid under
her outfit.
The government is considering using the technology at airport security
checkpoints because the magnetometers now in use cannot detect plastic
weapons or substances used in explosives.
Hallowell is sacrificing her modesty to make a point: Air travelers are not
going to like being technologically undressed by security screeners.
"It does basically make you look fat and naked _ but you see all this
stuff," Hallowell said Wednesday during a demonstration of the technology.
The technology is called "backscatter" because it scatters X-rays. Doses of
rays deflected off dense materials such as metal or plastic produce a darker
image than those deflected off skin. The radiation dosage is about the same
as sunshine, Hallowell said.
Backscatter machines have been available on the market for years. They are
priced at between $100,000 and $200,000 and used in all sorts of security
situations, from screening families of convicts visiting prisons to South
African diamond miners going home for the day.
The agency is trying to find a way to modify the machines with an electronic
fig leaf _ programming that fuzzes out sensitive body parts or distorts the
body so it is unrecognizable.
Another option might mean stationing the screener in a booth so only he sees
the image, said Randal Null, the agency's chief technology officer.
Null hopes to conduct pilot programs with backscatter machines at several
airports this year. A pilot project at Orlando International Airport in
Florida using volunteers met with mixed results, he said.
Some volunteers were uncomfortable with it. For others, "It was a whole lot
nicer than having someone pat me down," he said.
David Sobel, general counsel for the Electronic Privacy Information Center
in Washington, thinks most people will object to the backscatter technology.
"The public is willing to accept a certain amount of scrutiny at the
airport, but there are clearly limits to the degree of invasion that is
acceptable," Sobel said. "It's hard to understand why something this
invasive is necessary."
But Rep. John Mica, chairman of the House Transportation and Infrastructure
subcommittee on aviation, thinks it is essential because of the strong
likelihood that a terrorist will try to bomb a plane.
"I predict it will happen," said Mica, R-Fla. "The chances of someone
bringing an explosive on an aircraft by walking through a metal detector or
in hand-carried luggage are very real."
Mica pointed out that Richard Reid, convicted of trying to blow up a
trans-Atlantic jetliner with explosives in his shoes, walked through metal
detectors at Orly Airport in Paris several times before boarding the plane.
For now, Mica is trying to persuade colleagues to require that the
transportation agency focus its research on technology that identifies items
on people's bodies.
Null said the agency's major focus is already on detecting explosives and
weapons at airport checkpoints.
In the end, the biggest problem with the backscatter machines may be their
size, he said. One version, the BodySearch system made by Billerica,
Mass.-based American Science & Engineering is about 4-feet by 7-feet by
10-feet _ awfully big for an airport lobby, Null said.
Another system made by Hawthorne, Calif.-based OSI Systems is more compact.
By Ryan Singel
http://www.wired.com/news/print/0,1294,59860,00.html
CAPPS II testing has been restarted.
The Department of Homeland Security's Transportation Security
Administration continues in its attempts to set up defacto internal
border controls at our nation's airports.
In response to the collaboration of Galileo, a subsidiary of Cendant, Inc.
in this test of the CAPPS II system, a disinvestment campaign has been
launched at:
http://www.dontspyon.us
The idea of citizens having to undergo a background investigation
simply to travel in his or her own country is invasive and un-American.
The CAPPS II system goes far beyond what any thinking citizen of this
country should consider reasonable. That citizens will be required to
provide detailed personal information to private companies that can be
used for tracking and marketing purposes is repugnant.
If enough people refuse to conduct business with Galileo or any of its
sister companies, then it is likely that other Computerized Reservation
Systems (CRS) will refuse to implement this sadly misguided and
anti-democratic program.
The boycott will remain in full effect until Galileo publicly withdraws
from any involvement with the testing of CAPPS II.
��� --- ��� ��� --- ���
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin
http://abclocal.go.com/wabc/news/wabc_081103_jfk.html
http://www.nytimes.com/2003/07/01/business/01SECU.html?ex=1061870400&en=1431f0699bb5c638&ei=5070
A reader sent in this conversation he overheard at a corporate security desk one morning:
Employee: I have lost my photo-ID card, can I get a day pass please?
Security Guard: Certainly, what is your serial number?
Employee: 123456
[Security guard pulls up the details on his computer, which includes a photograph of the employee.]
Security Guard: Do you have a driver's license or another piece of identification which has your picture on it?
Employee: Why would you need that?
Security Guard: To match against our records.
Employee: A picture of my face?
Security Guard: Yes
Employee: This is my face -- I am wearing it on my head.
Security Guard: I need another piece of ID with a picture on it to compare against this one.
This is a great story, because it illustrates how completely clueless security guards can be about how security really works. The point of the photo ID is to allow the guard to match a face with an authorization. A photo ID that is only issued to employees accomplishes that. The database does the same thing: it contains both the employee's photo and his authorization. But the guard doesn't understand that; all he knows is that he needs to look at a piece of plastic with the person's picture.
The photo-ID requirement on airplanes was established in 1996 by a still-secret FAA order. It was a reaction to TWA flight 800, which exploded shortly after takeoff, killing all 230 on board. This was an accident -- after 18 months the FBI concluded that there was no evidence of a bomb or missile -- but the ID requirement was established anyway. The idea is that checking IDs increases security by making sure that the person flying is the person who bought the ticket. After 9/11, the government decided that checking IDs multiple times increased security even more, especially since there is now a "watch list" of suspicious people to check the names against.
It doesn't work. It's actually easy to fly on someone else's ticket. Here's how: First, have an upstanding citizen buy an e-ticket. (This also works if you steal someone's identity or credit
card.) Second, on the morning of the flight print the boarding pass at home. (Most airlines now offer this convenient feature.) Third, change the name on the e-ticket boarding pass you print out at home to your own. (You can do this with any half-way decent graphics software
package.) Fourth, go to the airport, go through security, and get on the airplane.
This is a classic example of a security failure because of an interaction between two different systems. There's a system that prints out boarding passes in the name of the person who is in the computer. There's another system that compares the name on the boarding pass to the name on the photo ID. But there's no system to make sure that the name on the photo ID matches the name in the computer.
In terms of security, this is no big deal; the photo-ID requirement doesn't provide much security. Identification of passengers doesn't increase security very much. All of the 9/11 terrorists presented photo-IDs, many in their real names. Others had legitimate driver's licenses in fake names that they bought from unscrupulous people working in motor vehicle offices.
The photo-ID requirement is presented as a security measure, but business is the real reason. Airlines didn't resist it, even though they resisted every other security measure of the past few decades, because it solved a business problem: the reselling of nonrefundable tickets. Such tickets used to be advertised regularly in newspaper classifieds. An ad might read: "Round trip, Boston to Chicago, 11/22-11/30, female, $50." Since the airlines didn't check IDs and could observe gender, any female could buy the ticket and fly the route. Now that won't work. Under the guise of helping prevent terrorism, the airlines solved a business problem of their own and passed the blame for the solution on to FAA security requirements.
But the system fails. I can fly on your ticket. You can fly on my ticket. We don't even have to be the same gender.
Number one. By now everyone has seen those large CTX baggage scanning machines. At about $2 million each, they're very good at finding explosives in luggage. Unfortunately, they're also very good at finding other things too -- the false positive rate is very high. Turns out that peanut butter looks a whole lot like plastic explosives (C-4, Semtec, etc). Smuggling a bomb on board an airplane is as easy as taking a jar of peanut butter, breaking it in your luggage so that it smears around everything, and then slipping a bomb into the suitcase.
Number two I wrote about in my book, Beyond Fear: "You can even make a knife on board the plane. Buy some steel epoxy glue at a local hardware store. It comes in two tubes: a base with steel dust and a hardener. Make a knifelike mold by folding a piece of cardboard in half. Then mix equal parts from each tube and form into a knife shape, using a metal fork from your first-class dinner service (or a metal spoon you carry aboard) for the handle. Fifteen minutes later you've got a reasonably sharp, very pointy, black steel knife."
The point here is to realize that security screening will never be 100% effective. There will always be ways to sneak guns, knives, and bombs
through security checkpoints. Screening is an effective component of
a security system, but it should never be the sole countermeasure in the system.
"Confessions of a Baggage Screener":
http://www.wired.com/wired/archive/11.09/bagscan.html
http://www.smh.com.au/articles/2003/09/04/1062548967124.html
http://www.wired.com/news/privacy/0,1848,60456,00.html