On July 5, Transportation Security Administration airport screeners found a bag with two ice packs inside. The ice packs had clay inside them, rather than blue gel, were covered in tape and matched a description of materials on a TSA bulletin warning of dry runs for terrorist attacks.
According to news reports, the 66-year-old grandmother from Long Island whom the TSA detained was carrying a chunk of cheese wedged between archaic, pre-blue-gel ice pack technology, made out of clay.
They let Sara Weiss go home after 3 hours of questioning.
Stories like this are making a laughingstock out of the nations airport screening technologies, procedures and staff. In this country full of smart people, isnt anybody working on technology that can detect and differentiate explosive materials or weapon-like objects from cheese?
As a matter of fact, the airport security checkpoints of the future are going to make our current screening technologies seem as laughable as … well, as they are, cheese fracases and all.
GE Security, for one, in late December 2005 unveiled what it called its “Checkpoint of the Future” lab in San Franciscos International Terminal Concourse A. The checkpoint incorporated an array of futuristic scanning technologies: automated carry-on scanning, automatic biological pathogen detection, millimeter-wave full-body scanning, explosives trace detection on passengers, and a so-called “quadrupole resonance carpet” to detect threats in shoes.
To view and eWEEK slide show about the future of airport security, click here.
In January 2007 the lab was moved out of SFO and into GEs Magnetic Center of Excellence in San Diego, where three of its scanning technologies have since wound up in a product called the SRT (Secure Registered Traveler) Kiosk.
The SRT is now in use at Orlando International, three terminals at JFK, Indianapolis, Cincinnati, Northern Kentucky, San Jose, Albany, N.Y. and Little Rock, Ark., and is about to go live at Newark, LaGuardia and a few other airports that are lined up to join the Clear Registered Traveler program. “Clear” is a traveler pre-registration program that entails matching iris and fingerprint scan data stored on a card with a scan of those biometric details at the airport.
The SRT looks like an ATM with short walls. A traveler walks onto a few feet of quadrupole resonance carpet that checks his or her shoes for traces of explosives. Using smart card technology, iris image capture and a finger reader, the kiosk identifies travelers and checks their stats against the biometric information stored on a special ID card, while also checking for traces of explosives on the fingers.
The technology represents an evolutionary leap in terms of explosives detection. Were this technology in place at the time, it could have detected the plastic explosives hidden in the shoes of Richard Reid, the shoe bomber who attempted to detonate a plane in-flight in December 2001.
On a less sensational level, the technology will also mean passengers get to keep their clothes on during screening—no need to remove shoes or coats. When and if other Checkpoint of the Future technologies make it into products, it could also mean we wont have to remove cell phones or laptops from our bags, for example.
Click here to read about how tight airline budgets are making travel more arduous.
GE borrowed from technologies developed by a few different companies to create the Checkpoint of the Future. L-3 Communications, for example, loaned its millimeter wave whole-body imaging technology.
Millimeter wave is different from backscatter X-ray—an imaging technology that has raised eyebrows and privacy fears— though both do whole-body scans.
Backscatter is another new type of imaging technology that many people find objectionably intrusive. Backscatter detects the radiation that a target bounces back. The technology, now in use at the Phoenix Sky Harbor International Airport, presents an image of items outside of your body.
Backscatter X-rays produce images of photo quality that are disturbingly frank—EPIC (the Electronic Privacy Information Center), which has called the images a “virtual striptease,” has an image on its site of Susan Hallowell, director of the TSAs research lab, that gives an idea of how much detail is rendered. Even that explicit image was distorted so as to blur the private parts, and according to the TSA, a trial backscatter system in Phoenix has replaced those photo images with cartoonish outlines.
Page 2: U.S. Airport Security Checkpoints Poised for Evolutionary Leap
U
.S. Airport Security Checkpoints Poised for Evolutionary Leap”>
Its not just that its intrusive, though, say EPIC and the ACLU; its that its just not necessary.
“Will a technology that will capture detailed images of potentially all airline travel passengers lead to greater safety,” EPIC asks on its site. “Current technology can successfully detect dangerous substances, firearms and other weapons without backscatter X-ray imaging of passengers.”
Yes, but it cant do it quickly. As air travelers complain about increasing delays, scanning technology vendors across the board are aiming for faster throughput, as well as decreased false alarms and lower costs.
Bill Frame, senior vice president for L-3, in Woburn, Mass., says that millimeter-wave technology is preferable over backscatter on a number of points. First, its a very fast approach, he said, with scans averaging between 2 and 4 seconds—much faster than backscatter. Its also nonradiating, relying as it does on harmless radio waves as opposed to X-rays.
Finally, “theres certainly an image difference” between millimeter-wave and backscatter technologies, Frame said in an interview with eWEEK. He described the image generated by millimeter-wave as being a 3D holographic image that you can spin around to search an entire person. Backscatter, in contrast, generates three photos of a traveler.
L-3s technology uses algorithms to automatically detect anomalies—for example, images that represent objects outside of the body. Both it and backscatter detect not just metallic objects but any object, which is necessary for detecting weapons such as ceramic knives.
The fact that its automatic is a plus for millimeter-wave, Frame said, given that backscatter technology still requires an operator to discern if theres an object under a persons clothes.
“In that sense, theres a shift in the TSAs thinking, and in security in general, of automating decision making,” he said. L-3 just recently was awarded a contract from the TSA to test the technology in Phoenix.
To read more about about the impact of RFID, click here.
Meanwhile, outside the United States, scanning technology is evolving on a parallel track. The same e-passports that have been delayed in the United States due to the ease with which data can be read from RFID chips are heading toward ever more sophisticated use in Europe.
A European version of a biometric passport is planned that will have digital imaging and fingerprint scan biometrics placed on a contactless chip. The British biometric passport now only uses a digital image and foregoes fingerprint data, but the United Kingdom Passport Service is in fact mulling over inclusion of such data. In Germany, two fingerprints will be stored on the chip beginning Nov. 1.
Vendors are piloting ways of dealing with the data that the government is preparing to hand over. Nine private and government sector organizations conducted a four-month trial that wrapped up in February 2007, titled miSense, in which roughly 3,200 airline passengers volunteered to take part in an accelerated traveler program, which used fingerprint scanning and photographic scanning of passports. The trial involved e-passports that store biometric data such as fingerprints, iris scans and facial scans, although for the test the fingerprint was only linked to passport information and stored in a database for later reference.
Trial participants were able to navigate the airports involved in the trial—Londons Heathrow, Dubai and Hong Kong— 72 percent faster than non-participants. Almost 90 percent said theyd recommend the program to friends.
Of course, all of this technology raises questions of privacy. That question is particularly acute when youre talking about such sensitive data as the image of an individuals fingerprints—not an image that one would relish having fall into the wrong hands.
Cryptography and data security firm nCipher is in fact working on encryption for the data residing on biometric e-passports. Alex van Someren, CEO and co-founder of nCipher, said in an interview with eWEEK that biometric passport data has the same security implications as RFID chips in U.S. passports.
“Can you pick up a copy of my fingerprints from my passport? From the database in some government department thats now building up millions and millions and millions of peoples fingerprints?”
Its bad on many levels, he said. “I dont want somebody to reproduce a copy of my fingerprints and plant them on a knife at a crime scene,” said van Someren, from the companys Cambridge, England office. “Secondly I dont like the idea of that biometric information [getting] modified. An adept hacker could change my information on file.”
In fact, a proposal to modify the ICAOs (International Civil Aviation Organization) e-passport standard would add encryption to data on cards so that only authorized decrypters can read and decode data—a plus for e-passport security whether youre talking about biometric data or the standard data—Social Security numbers, for example—stored on U.S. e-passports.
At the moment, however, e-passport data is weakly encrypted, van Someren said.
At any rate, soon there may be less data to encrypt or to lose.
In a welcome break from the norm of ever more restrictive guidelines, the TSA announced on Aug. 9 a new proposal that would scale back the amount of data airlines must submit about their passengers
The proposal is for a new program called Secure Flight under which the TSA would take on the responsibility for checking passengers against terrorist watch lists—a task now done by U.S. air carriers.
Acknowledging privacy concerns, the program would collect a minimum amount of personal identifying information, news reports quote Homeland Security Secretary Michael Chertoff as saying in a press conference Aug. 9.
“Its not going to rely on collecting commercial data; its not going to assign a risk score to passengers; its not going to try to predict behavior,” he said. “Its only designed to collect a minimum amount of personal identifying information so that we can do an effective job of matching the traveler to a person whose name and identity is on a watch list.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.