Educated Guesswork: First reactions to the Secure Flight proposal

« Bringing back the draft? | Main | Breathalyzer source code »

August 13, 2007

First reactions to the Secure Flight proposal

Just looked over DHS's new Secure Flight proposal. (By the way, it's a scanned printout, which is super-annoying.) Some initial reactions:

The big change is that currently the carriers get a copy of the black (no-fly) and gray (selectee) lists and evaluate your name against the list. In the proposed system, the airline would send your PNR to TSA, which would make the evaluation itself. From a privacy perspective, this is substantially inferior; TSA would have a record of every flight you took. They claim that the vast majority of records will be deleted within 7 days. However, if you're a potential match (whatever that means) your records will be retained for 7 years. Remember when people got upset because JetBlue was sending PNR data to the government? This proposal would basically institutionalize that practice.
The airlines are required to ask for your name, DOB, and gender, but the only information you're required to provide is your name. However, if the airlines have that information (plus a bunch of other stuff) then they have to provide it. Two notes here:
- There's a big incentive to provide this data because it's being used to disambiguate you from terrorists who happen to share your name. And even if there aren't any terrorists, you can expect that the first thing that happens when you complain is that it's suggested that you provide this info.
- It's probably irrelevant anyway because if you're a frequent flier it's likely your airline knows this information and they'll be required to provide it to TSA.
If you feel you're being subjected to too much screening, there's (already) some program you can use to complain. They won't tell you if you're on the watch list but they might (or might not) issue you a number which yu can provide with your reservation and which might (or might not) lower the false positive rate.
DHS is considering having a machine-readable indicator on each boarding pass. The idea would be to block tampering. Strangely, they say it won't contain any personally identifying information, which makes it a little unclear how it would work. The natural thing here is a digital signature over your name and maybe a picture, but the proposal isn't specific, and of course that would be personally identifying.
There's some hints that TSA is planning on taking a harder line on letting you fly without ID if you get searched. On the other hand, the document does suggest there will still be exceptions so it's not clear what those will be.

Of course, like any name-based blacklist, the security of this system depends on (1) the quality of the algorithm generating the blacklist and (2) the level of difficulty required to obtain fake ID that will be accepted by the blacklist enforcers. It's not clear that either of these is really adequate at this time.

Posted by ekr at August 13, 2007 7:38 PM | Filed under: Security: Airport

Comments

I think there has to be a way to get on your flight when you don't have ID. It can be a big pain in the a--, but it must exist. Otherwise, someone who loses his wallet or has his drivers' license expire can't fly home. That would be nuts.

Posted by: John Kelsey at August 14, 2007 10:24 AM

Or stolen.

Posted by: Nathan Zook at August 15, 2007 8:30 AM