Privatizing Registered Traveler
Last week the TSA announced details of its Registered Traveler program. Basically, you pay money for a background check and get a biometric ID—a fingerprint—that gets you through airline security faster. (See also this and this AP story.)
I’ve already written about why this is a bad idea for security:
What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.
The Trusted Traveler program is based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That’s simply not true. Most of the 9/11 terrorists were unknown and not on any watch list. Timothy McVeigh was an upstanding US citizen before he blew up the Oklahoma City Federal Building. Palestinian suicide bombers in Israel are normal, nondescript people. Intelligence reports indicate that Al Qaeda is recruiting non-Arab terrorists for US operations.
But what the TSA is actually doing is even more bizarre. The TSA is privatizing this system. They want the companies that sell for-profit, Registered Traveler passes to do the background checks. They want the companies to use error-filled commercial databases to do this. What incentive do these companies have to not sell someone a pass? Who is liable for mistakes?
I thought airline security was important.
This essay is an excellent discussion of the problems here.
Welcome to the brave new world of “market-driven” airport security, where different private security firms run and operate different lanes at different checkpoints, offering varied levels of accelerated screening depending on how much a user paid and how deep of a background check he or she submitted to. Thus the speed at which you move through a checkpoint will theoretically depend on a multiplicity of factors, only two of which are under your control (the depth of your background check and the firm(s) with which you’ve contracted). Other factors affecting your screening time, like which private security firm is manning a checkpoint and what resources that particular firm has invested in a particular checkpoint (e.g. extra personnel, more screening equipment, and so on) at a particular time of day, are entirely out of your control.
This is certainly a good point:
What’s worse than having identity thieves impersonate you to Chase Bank? Having terrorists impersonate you to the TSA.
Ed T. • February 1, 2006 6:47 AM
I’m not convinced this is a Bad Thing. Having gone through at least one pretty comprehensive background check, I can tell you that, if administered properly, with a standard set of things to check for (e.g. FBI/state criminal background), it might actually work. Of course, the data bases they use would have to not be filled with error (that is a weakness), and they might even have to do something more than simply do a database search (which, of course, will drive up the cost.)
I would think that the rigor of check would be at about the same level as required to obtain a Concealed Handgun permit in the states that allow it.
What I hope doesn’t happen (as regards rigor of screening at the airports) is how an anti-spam feature in MS Exchange was configured: when the volume of mail to be processed reached a certain threshold (indicating a bottleneck condition, or maybe the beginning of an inbound spam run), the anti-spam filters were automatically bypassed, to allow the mail to be processed without delay. This would be a Very Bad Thing if applied to airport screenings.
-EdT.