Airports Can’t Identify Biometrics Standard
Larry Barrett
It was supposed to be the salvation. The future. The obvious best choice. Experts everywhere looked to information technology after the September 2001 terrorist attacks as the key to better security for government and for businesses—particularly in high-profile locales such as airports.
A year later, it hasn’t quite turned out that way.
Despite an enormous outcry, no leading-edge security technology—like real-time biometrics identification systems—has been deployed at airports to verify passengers’ identities before they board planes. And that leaves many businesses—be they shopping malls or engineering firms or food suppliers—without broad experience to learn from if they’re looking to step up their own security systems.
Says Richard Eastman, president of The Eastman Group, an airline-industry consultancy: “In my opinion, the political issues surrounding the use of biometric technology in U.S. airports are so large that until the government defines and funds some sort of direction, the rest of the airline industry and the civilian populace will continue to be mired in a deep abyss.”
So far, the only new technology to arrive at major airports—self-service ticket kiosks—has been installed by individual airlines at their own expense. This was done to offset the incon- venience travelers endure because of longer and supposedly more comprehensive security checks that use exactly the same technology airports have been using for years.
These self-service kiosks, which allow customers to swipe either a credit card or frequent-flier card to print out boarding passes, receipts and itineraries, provide no additional security even though manufacturers such as IBM already are using biometric identification technology at airport kiosks in Canada, Israel and the Netherlands.
While security experts argue whether the ideal biometric identification technology should be fingerprints, handprints, facial-recognition scanners, iris scanners or some combination, they agree that until the federal Transportation Security Administration (TSA) becomes more decisive, passengers may never see the high-level security that’s available right now. The TSA has struggled to clearly define its role, vacillating between law enforcement agency and advocate for transportation safety improvements.
The Absence of Government Recommendations
“The real problem has been the TSA’s inability to come up with any recommendations,” says Robert Goodwin, vice president of global industries at technology consulting firm Gartner Inc. “It’s terribly disappointing the TSA hasn’t taken a leadership role for getting biometric technology into the airports. The vendors are sitting on the sidelines just salivating to get in there.”
Cost is at the root of it. Until or unless there’s a mandate, airlines aren’t going to shell out the estimated $300,000 to $750,000 each biometric system costs, says United Airlines spokesman Jeff Green.
“At this point, we’re looking into ways to make travel more convenient for our passengers,” he says. “We haven’t been told what the new security standards are or should be in terms of identifying passengers. Until we get some direction, we’re going to take a wait-and-see approach.”
Tel Aviv’s Ben-Gurion International Airport was among the first to implement biometric devices not only to identify and cull potential terrorists but also to speed travelers through the screening process. In October 2001, Recognition Systems of Campbell, Calif., using its HandReaders technology in partnership with Electronic Data Systems, developed an automated inspection system for 21 kiosks throughout the airport. The system, dubbed Express EntrySM, measures the size and shape of a traveler’s hand and then compares the measurements to a template stored in the system’s database.
Other Overseas Solutions
In the Netherlands, IBM has teamed up with the Schiphol Group of Amsterdam—which runs the city’s international airport operations—to use iris-scanning technology that verifies travelers by cross-referencing a real-time scan of the eye with data that’s stored on an encrypted smart card.
“I wouldn’t say the U.S. is lagging behind other countries in terms of technology or the willingness to use biometrics,” Goodwin says. “It’s just that it’s a much more political—and therefore time-consuming—process to get the U.S. government to adopt any technology standard.”
It’s also important to note that in Amsterdam and Tel Aviv, the iris and hand scans are collected on a voluntary basis. Frequent flyers that know they are going to be in and out of airports on a regular basis willingly submit their scans to avoid long delays at passport checks or terminal check-in stations.
“That’s essentially what we’re doing with our kiosks,” says Melanie Jones, a spokeswoman for Southwest Airlines. United, US Airways, British Airways and Air Canada have been installing these self-service kiosks since 1995.
Southwest recently installed 17 kiosks at Dallas’ Love Field and plans to roll them out in 12 more cities. Each kiosk is powered by an IBM PC running either a Windows NT or Windows 2000 operating system, with software called Kiosk Manager. Along with that, the system uses a piece of middleware called CDS to run the on-screen guide.
Rob Ranieri, practice leader for IBM’s e-access group, says the kiosks provide all the functionality a user would find at the check-in desk. While none of the Southwest kiosks will employ biometric technology to verify identities, he says it would be relatively simple to add those features later on.
The Looming Deadline
The TSA faces an Oct. 26 deadline to comply with the usa patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism), passed by Congress last year. The TSA must finalize regulations that would ensure creation and maintenance of a set of minimum customer-identification standards, and provide a means for cross-checking them against agency lists of suspected terrorists and their organizations.
Despite this decree, to date the TSA has signed off on only one biometric technology pilot program: a fingerprinting system for temporary storage lockers at the Minneapolis-St. Paul International Airport.
“It is pretty ironic that our test program is the only biometric pilot the TSA has approved since 9/11,” says Tammy Phippen, the marketing manager for Smarte Carte, the St. Paul, Minn.-based manufacturer of storage lockers and baggage carts at 42 U.S. airports. “And all of our lockers are actually past the first security check so it’s not really that big of a deal anyway.”
Smarte Carte installed sensors developed by technology security firm Digital Persona. The sensors take a digital snapshot of a finger and store it on a database connected to a Windows OS. When the customer returns to the locker, they put the same finger on the sensor to open the locker. The lockers are monitored through a LAN connection to Smarte Carte’s central office. At any time, the company could open one or all of the lockers remotely for inspection.
If the pilot project is successful, Phippen says, there are many more potential applications for the technology. “All we’d need is some direction from the government.”
What You Should Do: Identifying Individuals
Consolidate systems. Establish a single technical platform to collect and verify data obtained from biometric devices
Consolidate systems. Establish a single technical platform to collect and verify data obtained from biometric devices
Stay flexible. Pick a system that can accommodate more individuals and more features
Don’t reinvent the wheel. Use existing databases, employee photos and signatures, where possible
Start where you’re weakest. Install verification technology at points of greatest vulnerability. Less-sensitive areas come next
Consult counsel. There are laws and issues of privacy and surveillance that might apply to your proposed biometric project
Copyright © 2004 Ziff Davis Media Inc. All Rights Reserved. Originally appearing in Baseline.
