.S. Airport Security Checkpoints Poised for Evolutionary Leap"> Its not just that its intrusive, though, say EPIC and the ACLU; its that its just not necessary. "Will a technology that will capture detailed images of potentially all airline travel passengers lead to greater safety," EPIC asks on its site. "Current technology can successfully detect dangerous substances, firearms and other weapons without backscatter X-ray imaging of passengers."Yes, but it cant do it quickly. As air travelers complain about increasing delays, scanning technology vendors across the board are aiming for faster throughput, as well as decreased false alarms and lower costs. Bill Frame, senior vice president for L-3, in Woburn, Mass., says that millimeter-wave technology is preferable over backscatter on a number of points. First, its a very fast approach, he said, with scans averaging between 2 and 4 secondsmuch faster than backscatter. Its also nonradiating, relying as it does on harmless radio waves as opposed to X-rays. Finally, "theres certainly an image difference" between millimeter-wave and backscatter technologies, Frame said in an interview with eWEEK. He described the image generated by millimeter-wave as being a 3D holographic image that you can spin around to search an entire person. Backscatter, in contrast, generates three photos of a traveler. L-3s technology uses algorithms to automatically detect anomaliesfor example, images that represent objects outside of the body. Both it and backscatter detect not just metallic objects but any object, which is necessary for detecting weapons such as ceramic knives. The fact that its automatic is a plus for millimeter-wave, Frame said, given that backscatter technology still requires an operator to discern if theres an object under a persons clothes. "In that sense, theres a shift in the TSAs thinking, and in security in general, of automating decision making," he said. L-3 just recently was awarded a contract from the TSA to test the technology in Phoenix. To read more about about the impact of RFID, click here. Meanwhile, outside the United States, scanning technology is evolving on a parallel track. The same e-passports that have been delayed in the United States due to the ease with which data can be read from RFID chips are heading toward ever more sophisticated use in Europe. A European version of a biometric passport is planned that will have digital imaging and fingerprint scan biometrics placed on a contactless chip. The British biometric passport now only uses a digital image and foregoes fingerprint data, but the United Kingdom Passport Service is in fact mulling over inclusion of such data. In Germany, two fingerprints will be stored on the chip beginning Nov. 1. Vendors are piloting ways of dealing with the data that the government is preparing to hand over. Nine private and government sector organizations conducted a four-month trial that wrapped up in February 2007, titled miSense, in which roughly 3,200 airline passengers volunteered to take part in an accelerated traveler program, which used fingerprint scanning and photographic scanning of passports. The trial involved e-passports that store biometric data such as fingerprints, iris scans and facial scans, although for the test the fingerprint was only linked to passport information and stored in a database for later reference. Trial participants were able to navigate the airports involved in the trialLondons Heathrow, Dubai and Hong Kong 72 percent faster than non-participants. Almost 90 percent said theyd recommend the program to friends. Of course, all of this technology raises questions of privacy. That question is particularly acute when youre talking about such sensitive data as the image of an individuals fingerprintsnot an image that one would relish having fall into the wrong hands. Cryptography and data security firm nCipher is in fact working on encryption for the data residing on biometric e-passports. Alex van Someren, CEO and co-founder of nCipher, said in an interview with eWEEK that biometric passport data has the same security implications as RFID chips in U.S. passports. "Can you pick up a copy of my fingerprints from my passport? From the database in some government department thats now building up millions and millions and millions of peoples fingerprints?" Its bad on many levels, he said. "I dont want somebody to reproduce a copy of my fingerprints and plant them on a knife at a crime scene," said van Someren, from the companys Cambridge, England office. "Secondly I dont like the idea of that biometric information [getting] modified. An adept hacker could change my information on file." In fact, a proposal to modify the ICAOs (International Civil Aviation Organization) e-passport standard would add encryption to data on cards so that only authorized decrypters can read and decode dataa plus for e-passport security whether youre talking about biometric data or the standard dataSocial Security numbers, for examplestored on U.S. e-passports. At the moment, however, e-passport data is weakly encrypted, van Someren said. At any rate, soon there may be less data to encrypt or to lose. In a welcome break from the norm of ever more restrictive guidelines, the TSA announced on Aug. 9 a new proposal that would scale back the amount of data airlines must submit about their passengers The proposal is for a new program called Secure Flight under which the TSA would take on the responsibility for checking passengers against terrorist watch listsa task now done by U.S. air carriers. Acknowledging privacy concerns, the program would collect a minimum amount of personal identifying information, news reports quote Homeland Security Secretary Michael Chertoff as saying in a press conference Aug. 9. "Its not going to rely on collecting commercial data; its not going to assign a risk score to passengers; its not going to try to predict behavior," he said. "Its only designed to collect a minimum amount of personal identifying information so that we can do an effective job of matching the traveler to a person whose name and identity is on a watch list."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.