One of the newest biometric experiments began in November in London's Heathrow Airport, where 2,000 frequent fliers on trans-Atlantic flights on Virgin Atlantic and British Airways agreed to have scans of their irises kept in a database as part of Heathrow's "Simplifying Passenger Travel" programme. Instead of waiting in all of the required security checkpoints, they file past a camera and, if approved, proceed faster to the gate. Officials at Washington's Dulles International Airport hope to launch a similar program in upcoming months, according to IATA. Boston's Logan International Airport is also conducting a biometric experiment to identify people already in a database of known or suspected criminals or terrorists. Biometrics is the digital analysis using cameras or scanners of biological characteristics such as facial structure, fingerprints and iris patterns to match profiles to databases of people, such as suspected terrorists. Some experts say face recognition is perhaps the most promising biometric technique for overcrowded airports because it relies on distant cameras to identify people -- not finger scanners or other devices requiring people to click, touch or stand in a particular position. Several airports adopted face-recognition software in an effort to beef up security after the suicide attacks on the World Trade Center and the Pentagon. In addition to Logan airport, Oakland International Airport in Oakland, California; T.F. Green Airport in Providence, Rhode Island; and Fresno Yosemite International Airport in California installed identification technology to check passengers. Earlier this year, the IATA started pushing the federal government to fund "smart cards" that contain embedded microchips for some travellers. The cards would contain an encoded biometric description of the cardholders, so when the card passed through a reader, a machine would verify that the card belonged to the person who presented it. JetBlue Airways already issues smart cards with embedded fingerprint information to employees who require access to airplanes. But biometrics could gain traction fastest among frequent fliers. By asking people to volunteer for the programme, the airlines wouldn't be infringing on privacy concerns of people who objected to biometric inspections. Some advocates say iris-scanning devices would save frequent fliers so much time that airlines could actually charge a fee -- say, $50 per year -- to customers whose time is extremely valuable. "It was a matter of picking people who travel a lot and wanted the convenience of the program," said Wanda Warner, assistant director of IATA's Washington office. "This started as a way to enhance convenience for the most frequent travelers. We used to think enhanced security was a great byproduct. Since 11 September, security is the chief reason we're doing it and convenience has become a great byproduct." Few airlines would comment on their ongoing discussions about biometrics, but Southwest Airlines spokeswoman Beth Harbin said that the low-cost operator might pass off the expense of biometrics or smart cards to customers who volunteer for the service. "There'd be some small fee for the convenience to pass through the airport quickly," Harbin said. "The hope is that this would limit the field of passengers we'd have to stop for inspection." The new biometric experiments are part of a larger emphasis on security in the wake of the terrorist attacks and news reports that poke holes in national security systems. According to an article in USA Today earlier this week, Transportation Department inspector general Kenneth Mead reported that human screeners at airports missed knives 70 percent of the time, guns 30 percent of the time and simulated explosives 60 percent of the time. Tests were conducted at 32 airports at the White House's request. Push for "two-factor security"
Private industry has been quick to exploit the security breach. One of the hottest buzz phrases has become "two-factor security," a decade-old concept in the intelligence industry that's catching on in corporate America. The idea is that one factor of security, such as password protection or biometric inspection, is not sufficient to protect a system from attack, and that most systems would be safer with a combination of factors. Alan L. McCann, senior vice president and general manager of corporate marketing at software security company Phoenix Technologies, said some industries, including finance and aviation, are even moving toward three-factor security. In addition to passwords and biometric inspection, they're requiring employees to use computers or other hardware that is directly connected to a central security system -- so that if they report a computer or cell phone as stolen, a security officer will immediately be able to track the device once it's turned on. "Three-factor security requires the user to present something he knows, such as a password; something he has, such as a piece of hardware; and something he is, such as a fingerprint or iris scan," McCann said. "It sounds tedious, but the reality is that people have to choose between freedom and security." Jeff Katz, vice president of marketing worldwide for semiconductor company Atmel, said orders have surged for non-volatile chips and secure microprocessors -- the chips destined for smart cards and biometric readers. "One idea popular now with the airlines is to take all of the airlines' frequent flier clubs and instead of issuing plastic cards with their name on them, issue people smart cards so it will be simpler for those people to bypass security gates and reduce the lines for everybody else," Katz said. "Anybody who wishes to enroll could certainly apply and have their security checked." But adding another layer of security -- either biometrics or smart cards -- would not be a panacea. With roughly 65,000 flights a day in the United States, no amount of technology can completely secure travellers from terrorism. Groups ranging from the American Civil Liberties Union (ACLU) to former security officers in private industry have complained that biometrics misidentifies some innocent people as criminals and lets other suspected or convicted criminals slip through security checks. "It is abundantly clear that the security benefits of (face-recognition surveillance) would be minimal to nonexistent, for a very simple reason: the technology doesn't work," according to a recent report from the ACLU, citing a survey from the Department of Defense on the technology's high margin of error in pinpointing terrorists. Harvey Burstein, a former FBI agent and security consultant and now the David B. Schulman professor of Security at Northeastern University in Boston, said human error would remain a factor even after the installation of biometric devices or a second factor of security. "The thing that concerns me with biometrics or anything else is whether the people who are supposed to use the equipment use it properly," Burstein said. "How many times have we heard about people being evacuated from a terminal because the screening device wasn't working, then it turns out some idiot forgot to plug it in? Or someone could enter an error when putting information into a database of suspected criminals. It's a question of supervision and oversight of the people who are supposed to be doing the work."
Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
