August 01, 2007

Travel Kiosk - Registered Traveler and TSA mandates

On eve of subcommittee examination of the Registered Traveler program, we see some criticisms of how it is being implemented particularly where RT members must now show two forms of ID (that would seem in excess). Nice article by Jim Harper.

TLF: TSA's Embarrassing "Double ID" Rule

TSA’s Embarrassing “Double ID” Rule

I’ve written here before about the Clear card, which allows people to prove their membership in the Transportation Security Administration’s Registered Traveler program without telling TSA who they are. I disapprove of Registered Traveler, but if it’s going to exist, the Clear card system’s restrictiveness with users’ identities is a key anti-surveillance feature.

Today, the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection is holding a hearing entitled “Managing Risk and Increasing Efficiency: An Examination of the Implementation of the Registered Traveler Program.”

Steven Brill, the Chairman and CEO of Clear, is one of the witnesses, and he has some choice criticisms of TSA.

The anti-surveillance feature in Clear? Undone by incoherent TSA dictates:

Beginning last fall, TSA suddenly required that RT members using the RT line show a picture ID and their RT card right before entering the line. These are the same RT cards that, when put into the RT kiosk, will use the traveler’s fingerprint or iris scan to biometrically match the user to the data embedded in the card. That’s right, RT members are the only travelers who must present TWO forms of identification.

In case it’s not (ahem) clear to you, the Clear system checks government-issued ID and collects biometric information on enrollment. It does a background check on that identity, and ties the approval/credential to the biometric on the card.

The Clear kiosk does a far more reliable comparison of the biometric on the card to the individual presenting him- or herself at the airport than any TSA screener is going to do looking at driver’s license pictures. Yet, Clear card holders still have to show a government-issued ID. The “Double ID” rule is nonsensical, embarrassing, and stupid.

To top it off, Brill tells how the TSA’s rules would require a twelve-year to show two forms of ID if he or she is a Clear card-holding registered traveler (as youngsters can be with the approval of their parents), even though kids under 18 don’t have to show any ID at all in the ordinary airport security line.

Digital identity managment systems like this will grow more important as more and more of our interactions and transactions are conducted using digital technology. Data from digital transactions are almost always put in databases where, unlike analog records, they remain easily available for copying, sharing, and reuse. Resisting unnecessary data collection (often referred to as “data minimization”) is the key response to this problem.

Systems like Clear, which prove a credential without sharing identity information, minimize data collection by design. The phrase “digital identity management” is often used inaptly, I think, to denote an organization’s efforts to control the access given to employees, customers, etc. Clear is a true “digital identity management” system because, well, it allows people to manage and control their identity information.

Posted by staff at August 1, 2007 07:08 AM