Schneier on Security
A blog covering security and security technology.
« Memo to the Next President |
| UK National Risk Register »
August 12, 2008
Flying Without ID
Seems like the procedure has changed:
Mr. Peters nodded, and then looked down at the sheet which I had filled out and signed. “I’m going to have to make some calls to verify your identity.”
He pulled out a cell phone. I had assumed that we would be going to some separate screening room, but that wasn’t the case. He stood facing the silver table, and I leaned back against it. So this was the dreaded interview. People walked past us with bags and luggage.
"Hello," he said. "Security." Long pause. It sounded like he was transferred. He said a number that I think had the same number of digits as a phone number. Then he said a shorter number. "No, she doesn’t." He wrote something in small letters on the form. Then he spelled my name over the phone. "D-A-V-I-D-O-F-F. That’s Indigo Delta… yes."
He looked at me. "What’s the name of a street that you lived on prior to your current address?"
"Inman," he repeated. There was a pause. "Where did you live in 2004?"
"Hmm…" I said. "New Mexico? I think? Maybe Massachusetts."
He conferred with the person on the phone. "That’s fine." He hung up.
"All right," he said. "You’re going to go through full security screening." He wrote "SSSS" in red marker on my printed boarding pass. He handed my form to one of the officers at the podium, and then gestured to the first screening line. "Right here."
This only works if you've lost your ID, not if you refuse to show it.
Posted on August 12, 2008 at 12:33 PM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
It shouldn't be the TSA's job to ensure the person whose name is on the ticket is the one getting on the plane; it should be their job to ensure the one getting on the plane is not a danger to other passengers. The TSA doesn't sell tickets and should have no interest in keeping, nor obligation to keep, ticket-buyers from losing their seats.
If that's a true story, what databases are they verifying that information from? I wonder how often they bluff.
I read the account as a story of someone who willfully refused to show ID. The ID wasn't really lost, just mailed to its destination. The author answered TSA questions without lying, but also without telling them she opted to fly without ID. That seems similar to refusing to show it, to me. I wonder what would have happened had she let it slip that she had planned to to go through security without ID. (note: I don't mind she did this and found a way to fly without ID, just mentioning it because I consider it an important element of the experiment)
Not directly on topic, but--
Recent my (minor) son had to travel cross-country for a college summer school. He is old enough not to need a flight attendant escort but hasn't yet gotten a driver's license or passport.
On the outbound leg, I accompanied him to the TSA checkpoint. When he told them he was a minor, and that I was his father, they checked that *my* ID had the same last name as the ticket.
On the return leg, he was by himself, and when he told them he was a minor, they just let him through.
Either way, he could have been anybody that looked young enough to be a minor.
Billy: "... what databases are they verifying that information from?"
Experian's PreciseID service (used i.e. by credit agencies to verify their customers' identity) asks questions of this kind. It's a clever move if they use it.
I have no idea where does Experian get their data, though.
Also, Experian's authentication service obviously doesn't work for persons with no credit history in US...
That sounds suspiciously like they use one of several of the "personal information aggregator" companies that trawl public records, credit reports, etc.
Which is all fine and good, except when the companies have incorrect information. I had to escalate an issue to the office of the President of Bank of America because they insisted on using these questions to verify my identity, and the data they had claimed I was employed by a company for which I had not worked in more than a decade.
Their solution? Show them official government-issued ID, of course.
And there's really nothing an individual can do to correct the information the companies sell, nor can one even discover from them where the erroneous information originated (I got lucky and noticed one of the credit bureaus reporting exactly that bit of faulty information, and corrected it there, but to this day I have no idea whether the aggregator service updated their database to reflect that change.)
It's only a matter of time before one of these "interviews" results in exactly such a situation.
Interesting insights at the end of the original article.
So the moral of the story is that this person wasted security personnel's time which could have been spent more productively.
The reason why people who refuse to show their ID can't fly is that they are wasting the time of security personnel to make a political statement.
The regulation is a pragmatic one not a prescriptive one.
@ Arthur Davidson Ficke
You are buying into the premise that what the "security personnel" could otherwise be doing is productive.
Checking ID's is not productive. It is security theater. Having passengers fill out forms and submit to "extra screening" is simply a different act, but it is still theater.
The article's author concludes that "Real attackers will just use fake IDs or identities and pass through unnoticed."
While this is true, it's much simpler to use a real ID and just fake the boarding pass you present at the security checkpoint. There are many articles about doing this, so it hardly needs mentioning.
However, I do think it's interesting that even when the traveler was undergoing this extra screening, the TSA apparently didn't check whether her boarding pass was real or fake. So she could have passed even this extra screening, and identified herself truthfully, but still not have been a real passenger.
@ Arthur Davidson
The TSA perform no useful pourpose, other than providing the illusion of security to comfort nervous passengers.
Therefore, the time of the "security personnel" is not being wasted at all here: they are acting in the show for which they were hired as performers.
Not only does credit history data not work for people with no credit history in the US, it is notoriously bad.
I just tried to open an online bank account, and I twice failed the 'verify' questions which reference my credit history. I have no idea why. The 1-800 operator suggested I check my credit report (I last did that in Oct, it is overdue). I did that, and Equifax refused to give it to me since there is some kind of lock on it. Perhaps due to failing the bank thing twice. I was able to get a report from Experian, and it's fine.
So now I have to send 'proof' of my identity to Equifax and hopefully figure out what they have wrong about me.
Note- the things they want as proof of my identity would be pretty easy to create with photoshop...
The whole "ID" issue in US amuses me to no end. In most of West Europe countries citizen have some kind of government-issued ID. Here in Israel it's extremely convenient that everyone have such id, given how easy is to misread names in Hebrew.
Vast majority of population served in army, and thus given to authorities not only photo, but also fingerprints and tooth prints. DNA samples for all soldiers are coming.
Yes, I read what people opposing an ID have to say. All boils down to "my dad didn't need it, I don't need it too".
What does it have to do with personal freedom and/or privacy - is beyond my comprehension.
And BTW - id's do help to fight with terrorism. Israel have lot of sad experience to deal with terror threats. Believe it or not - having everyone to have an unique id really helps.
> DNA samples for all soldiers are coming.
I wonder why there is not 50% of the population against that.
With DNA samples you can know who is the true father of a child, even if the legal father is not aware of it.
Now, who would have access to that information: army? police? justice? people who find a CDROM in the train?
That single information can represent a lot of money on the black market.
> what people opposing an ID have to say.
Sometimes, it is more "who is allowed to demand your ID in the street?".
Can you check who they pretend to be, can you check their ID?
If you are a foreigner and do not speak the local language (perfect target), will you recognise how those people should be dressed?
A bit like the police having millions of CCTVs, but if you take a photo of a police car parked at a very wrong place, you get arrested under the terrorism act and can stay there 42 days...
Thank god for the DHS. They have really made a watertight security system. And for as little as a few billion $. Great!
"Yes, I read what people opposing an ID have to say. All boils down to "my dad didn't need it, I don't need it too".
What does it have to do with personal freedom and/or privacy - is beyond my comprehension."
A simple question for you to think about,
What if Nazi Germany had a DNA database of all citizens of the countries they occupied?
The trouble with Biometric ID is that you have to trust anybody and everybody who gets access to it with your very life, as well as those of your children, grand children and their grand children.
Can you tell what state the eastern mediterainian and it's surrounding countries are going to be in in ten years time let alone a hundred or two?
If you can then maybe for you giving up that knowledge is ok, but for me I cann't so no way do I want to give up the information.
The fact that the country I live in (the U.K.) Is heading as rapidly as possible along the political and technical lines that would make implementing a police state trivial real scares me.
I might be in trouble with that; I don't recall my previous address offhand. I can drive to it but I don't remember the street. It's been 15 years.
Opps, the above anonymouse post of 8:32 is mine.
Recently, I was traveling with a temporary New Hampshire driver's license, which is a black-and-white piece of laminated paper.
These days, NH driver's licenses aren't issued on the spot as they used to be, but are mailed, presumably to ensure that you provide a valid address. The DMV also did not allow me to keep my old as-yet-unexpired driver's license, because of the terrible things that could happen if I had two valid driver's licenses in my posession. (I was later told that this policy may have changed.) So there is a period when you may not have a permanent driver's license. In my case, thanks to a slip-up at the DMV that they didn't acknowledge despite me calling them twice, this period turned into two months. Of course they blamed it on their "new computer system."
On my trip out, TSA at MHT had no problem with my piece of paper.
But on the return trip, the assistant at the check-in desk claimed that she had never seen such a license before and promptly proceeded to issue an "SSS" boarding pass. She said that "otherwise the TSA will send you back to check-in and then you have to stand in line again." A load of bull if you asked me.
Doubly ridiculous when you consider that I could have checked it at home, where the online check-in does not care about the shape or form my driver's license is in.
>> DNA samples for all soldiers are coming.
>I wonder why there is not 50% of the >population against that.
>With DNA samples you can know who >the true father of a child, even if the >legal father is not aware of it.
How is "you" here? Army? Here's breaking news - when you're drafted, you don't have many "rights". Privacy - no. Freedom of - no. Stay alive - not really.
>> Sometimes, it is more "who is allowed to demand your ID in the street?".
Which is completely irrelevant to how database is organized, isn't it? Uncorrupted police is always better, with ID or without.
>> A simple question for you to think about,
>> What if Nazi Germany had a DNA database of all citizens of the countries they occupied?
About 100M died most of them unidentified. Most of Jewish population was wiped thanks to local cooperation. No ID was needed, see?
The problem is fascism, not database.
>> The trouble with Biometric ID is
>> that you have to trust anybody and
>> everybody who gets access to it
>> with your very life
No, not really. Why, my DNA code is not a kill switch, you know.
Someone needs to print off a bunch of boarding passes in the names of various Senators, Congressmen, and TSA officials, then "forget" their ID...
@Arthur Davidson Ficke: "The reason why people who refuse to show their ID can't fly is that they are wasting the time of security personnel to make a political statement."
Interesting. The way you've phrased that, it sounds kind of like a violation of the right to free speech.
As in, "you can fly without ID, except to make a political statement".
The views expressed above are entirely those of the writer and do not represent the views, policy or understanding of any other person or official body.
I've gone through some system testing where such knowledge based assessments are used for identity verification. As a result, I got to play with all of my data quite a bit. However, I just got married and changed my last name, and some of the databases being used have not updated yet. So, anything related to property records has my maiden name on it (have no intention of changing that), and my credit reports either have my maiden name or my married name, depending on the time of month and which incantations are used. So, for me, it's a crap shoot as to whether these types of systems can identify me. Also, they tend to have very old data, so you could be asked your phone number from 20 years ago.
Excellent source article and insightful analysis. Thanks for posting the link.
Blessed are the countries too poor to have id's .. in a lot of places you can just board the plane like good old days .. no one even bothers to question you if you say you don't have any papers!
>>> DNA samples for all soldiers are coming.
>>I wonder why there is not 50% of the population against that.
>How is "you" here? Army? Here's breaking news - when you're drafted, you don't have many "rights".
> Privacy - no. Freedom of - no. Stay alive - not really.
Do you have any right *after* having done your military service?
Will they delete the record when you leave?
>> Sometimes, it is more "who is allowed to demand your ID in the street?".
> Which is completely irrelevant to how database is organized, isn't it?
Yes, but an ID card which is never controlled is not needed.
> Uncorrupted police is always better, with ID or without.
Yes, but if that is not the police, just to check the ID when you pay by check, or security staff in the shop,
or someone (well dressed) pretending to be from some official organisation?
I wonder how many times you have to have "lost your ID" before you are "refusing to show your ID"? Seems to me that would be the next test, though it could get expensive. Even more interesting would be if the same unfortunate person-with-no-wallet traveled in a physically challenging way. Perhaps, NY to LA an hour after Boston to San Diego?
I disagree with Andy about what the next test is - it isn't, how many times can you "forget" your ID before you are "refusing" to show it.
The next test is, does the TSA have any right to deny permission to fly just because you are travelling without ID? This test must be carried out at the supreme court, rather than in an airport.
The previous case went all the way to the supreme court, and held that their procedures at the time were OK, only because you could refuse to show ID but submit to the more rigorous screening, all without your identity being verified - they got away with it, only because anonymous air travel was not prevented. Based on that precedent, I can't see their present measures holding up in court.
"Flyers without IDs placed on TSA list"
"Later Tuesday, Hawley called the newspaper to say the agency is changing its policy effective today and will stop keeping records of people who don't have ID if a screener can determine their identity."
So.... they'll only keep records of people when they can't verify their identity? How's THAT work?
If I recall correctly most, if not all of the 9/11 terrorists had valid ID.
A well funded terrorist group will have no problem at all getting a clean, valid ID. It's only the non-terrorists who fall foul of the silly rules. In fact the whole scheme is a bit like DRM :-)
@ Nomen Publicus,
"It's only the non-terrorists who fall foul of the silly rules."
Not quite, there are many criminals who either from foresight or repeated exposure know how to work the system.
The "silly rules" only serve to frighten or criminalise those who's only crime is to have upset those given to much power and no real oversight and see intimidation of the ordinary citizen as part of their job description.
To dragonfrog: you are correct. Gibson v Ashcroft/Gonzalez established their (TSA) ID verification was valid provided there was an alternate method for those who did not submit any form of 'acceptable' ID.
This new regulation interpretation (it's not exactly a law written in the Federal Register) establishes a different set of boundaries in and around the "screening area" and appears to explicitly disavow of preventing someone from boarding.
They're merely preventing you from entering the 'sterile area' (which by obvious logical conclusion is denying you boarding of an airplane) and not denying you boarding of an aircraft. How nice...
Having now flown multiple times post 6/11 (how 'quaint') and stated "No ID", they do then proceed to interrogate you about personal details of your "self". And by personal I don't necessarily mean private, like are you married or have any children or other possible "authenticative" details (mother's maiden name) but personal bits of information such as "Who else lives at the address you provided?" "What state was your SS# issued in?"
Personally, I will plan to continue to be counter-productive to the sheep-parade that has become airport security but I would like to know what particular database they're attempting to match my answers with.
My best speculation is something related to a few years back regarding TIA or CAPPS/CAPPS2 that invovled ChoicePoint and the commercial databases of personal information on people.
I'm just waiting for the DHS to begin offering to sell you your "terrorist score"! Make it similar to how MyFICO will tell you how each of the credit bureaus rates you numerically!
Oh, and to those who insist those who attempt to exercise their Constitutional rights are "...wasting people's time..." or questioning the reason behind it: realize if no one attempts to question the position of authority and ensure it fits snugly within the constraints of the law then you can 100% expect the authority (entity, not verb) to expand into areas where it should not be. This "ID verification" phase is a carefully crafted policy to coerce & desensitize the general public into accepting and accommodating regular intrusions into their personal lives when the government sees fit to do so.
I don't know about you but the only time I wish to see an authority (and in this case a federal authority) is when I call upon it. Not when said authority feels it necessary to call upon me. They serve at our request and anyone who decides to live with the opposite deserves the intrusion into their private lives.
I found it an enjoyable read, just like Billy Hayes' book Midnight Express. It comes across as more of a personal anecdote than actual research or study, but it surely will be treated as the latter.
Having escaped through numerous border crossings around the world myself, I have to say I found this particular story devoid of any real risk or adventure, but perhaps that could just be a matter of perspective.
Regardless of any comparison to global travel anecdotes, or measure to the standards of research, perhaps the author can shift her work into film. I imagine a weekly sitcom about TSA security called the "SSSS Express" might be timely.
"This "ID verification" phase is a carefully crafted policy..."
Its a lot of things, but its is not carefully crafted in any way whatsoever.
@sherri: "So.... they'll only keep records of people when they can't verify their identity? How's THAT work?"
Same exact technology and procedures as the "No-Fly" list. And with the same value added. This may be the worlds first example of a true random-number generator.
@Yosi: Database-backed ID is a dirty stain on civilisation. You trust the government to Do The Right Thing with your data. They won't. Governments have a track record of selling your information, losing it, misusing it and otherwise acting in an irresponsible manner with it.
Terrorists and petty criminals don't bother with faked ID. They use their real names. All the Madrid and London bombers had either valid ID cards (Madrid) or were not using assumed identities (London).
The only thing a database-backed ID card does is mean that when your ID is stolen, you're in for a world of pain to put it right. Because the card says who you are, and the card's infallible, right?
Here are the Cliff Notes to anyone who is late to this comment thread.
1) The People demand not to be treated like criminals who can't be trusted.
2) The People do not trust the Government. They are criminals.
Cliff Notes to the Cliff Notes, "How DARE you call me a criminal, you criminal?"
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.