Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Politech mailing list archives

Privacy villain of the week: "Registered traveler" program [priv]
From: Declan McCullagh <declan () well com>
Date: Tue, 30 Mar 2004 02:48:18 -0500


-------- Original Message --------
Subject: Privacy Villain of the Week
Date: Mon, 29 Mar 2004 12:17:49 -0500
From: Consumer Alert <info () consumeralert org>

Privacy Villain of the Week:
'Registered Traveler' enablers
The Transportation Security Administration announced last week that it will be initiating a pilot test program of its long-touted "trusted traveler,' now rechristened 'registered traveler' program. The program will be a 'voluntary' (at the outset, anyway) internal biometric passport system set up at airports around the country. <http://cryptome.org/tsa031804.txt>
The idea is being sold to potential volunteers on the basis that turning over your iris-scan to the Department of Homeland Security will allow you to go through a less harassing experience at the airport. How effective this will be at lessening hassle is unclear, however. The majority of the hassle at the airports for travelers comes at the metal detector gauntlet where air travel consumers must remove coats, keys, often shoes, take their laptop from its case, etc. Yet a TSA spokesman told Wired News, "the card is not a 'get out of security checks' card, and that those who register will still have to go through metal detectors. The program may, however, create designated lanes to speed registered travelers past long lines." <http://www.wired.com/news/privacy/0,1848,62777,00.html>
Additionally, with the TSA insisting on pushing the CAPPS II passenger screening program, all of them will undergo a background check every time they buy an air ticket anyway. So the value of the background check a "trusted traveler" goes through is unclear. Even if he has already turned his iris over to Sec. Ridge, any future 'anomaly' in his credit or phone records could conceivably put him into the special scrutiny category that entails more invasive searches.
On the other hand, if TSA is being disingenuous and those who get the cards will undergo very little scrutiny, the system would be ripe for abuse, particularly by anyone with connections on the inside.
Given all this, it is unclear what the usefulness of the card will be, beyond establishing a biometric database for the federal government. The only practical effect would seem to be harassment of those who do not wish to be scanned and traced, since they will have to wait in longer lines to go through identical search procedures.
With what little information that has been put out by TSA so far, the program seems to be little more than a backdoor to a national biometrically-enabled ID program.
And the required privacy notices for the program have not been issued by TSA, which says they "may not" apply since the program is voluntary. The dearth of information leaves air travelers even more in the dark as to what may lie ahead.
Government's one-size-fits-all programs typically degenerate into one-size-fits-none, and security is no different. There may be a place for similar programs in a free and private air travel and air security market. But TSA is determined that command-and-control supplant market processes. Anyone who volunteers to be guinea pigs for this odd privacy-destroying program should think twice. There is nothing to indicate that surrendering privacy will lead to anything resembling more security under such a program. TSA hopes to get 5,000 volunteers for the pilot program. Don't do it. We don't need 5,000 unwitting privacy villains cultivating this process which deserves to die on the vine. 

By James Plummer
The Privacy Villain of the Week and Privacy Hero of the Month are projects of the National Consumer Coalition's Privacy Group. Privacy Villain audio features occasionally available from FCF News on Demand. For more information on the NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 202-467-5809 or via email. This release available online at <http://www.nccprivacy.org/handv/040326villain.htm> 

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

  By Date           By Thread  

Current thread:
  • Privacy villain of the week: "Registered traveler" program [priv] Declan McCullagh (Mar 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]