TSA PreCheck screening includes 3rd-party data-mining you ‘so long as it is legal’

Analysis
Jul 24, 2013 · 6 mins
Access Control, Biometrics, Data and Information Security

The TSA encouraged 3rd parties to datamine public info about you and to build hybrid PreCheck screening algorithms, feeling the need to specify 'as long as they are legal.'

There may be more than meets the eye to the TSA’s PreCheck biometric screening security program that just opened up to the general public, so the question is: What are you willing to hand over in order to join the ranks of travelers in an airport’s ‘happy lane’? TSA Administrator John Pistole said that is what some people call “PreCheck’s less onerous queue at the airports,” according to Bloomberg. If you think PreCheck will allow you to skip body and bag scans, then dream on, because they are still required.

To apply for PreCheck, travelers must provide general personal information, such as height, weight, hair color, address, date of birth and a government-issued ID. That info is basically on your driver’s license anyway, so if submitted online, then the next step is an onsite interview where you will be fingerprinted. All applicants must pass a background check. So far, not so bad, I suppose, if you want to be able to go through TSA PreCheck lanes at security checkpoints and leave on your shoes, belt, light outerwear, and keep your laptop in its case, and your “3-1-1 compliant liquids/gels bag in a carry-on in select screening lanes.”

If approved, then travelers will receive a Known Traveler Number (KTN). Pistole said, TSA PreCheck “enables us to focus on the travelers we know the least about, adding efficiency and effectiveness to the screening process.”

$85 for a five-year membership is the “anticipated” enrollment fee, but there may be a catch. The TSA has been seeking private partners for these PreCheck screenings. Bloomberg reported, “Travelers going through a private company wouldn’t have to submit personal details to the government, but the fee might be more than $85 depending on what companies charge.” Of the nine third-party proposals received, Pistole said, “We think three that we’re looking at are viable options.”

Apparently, people were not too interested in PreCheck, according to slide 8 from an Industry Day II presentation dated in February 2013. “There is a limited population of existing selected airline frequent flyers. Passengers invited have not opted in at the expected rate.” Although the “lists are good,” it stated that outside of DoD the population dwindles (e.g., limited number of Federal Judges and members of Congress).

That isn’t too big of a surprise, as the TSA is not necessarily a beloved agency. As part of the RFI objectives, the TSA is hoping to increase positive passenger experiences.

So when seeking third-party private partners for PreCheck screenings, TSA stated its intent was “to understand better how certain pre-screening processes conducted by non-governmental entities (‘third parties’) can enhance aviation security by placing more focus on pre-screening individuals who are U.S. Citizens, volunteer to participate, and are willing to provide some information about themselves that can be used to evaluate the degree of risk posed by that individual to the aviation transportation system.” Also, according to “Market Research RFI – Third Party Screening Final” that was posted on Federal Business Opportunities, “The specific sources and types of information employed for pre-screening purposes under this initiative may not be publically disclosed.”

About that background check to accurately assess risks… Fast Company asked, “Would you volunteer to have your Internet history and consumer data analyzed by the Transportation Security Administration (TSA) and its contractors in exchange for a shorter line at airport security?” The third parties are supposed to collect “commercially available data.”

Although you know the government data-mines social media for “hot” keywords, the TSA doesn’t have the time, resources or people to do so for PreCheck screenings. The private parties were encouraged to “take a hybrid approach” on developing trusted algorithms, but the alarming bit is that the TSA felt it necessary to add “as long as they are legal.”

In the pursuit of the most effective security in the most efficient way (allowing entities latitude to do what makes the most sense for them), this Announcement will take a hybrid approach on development of trusted algorithms. TSA will specify a few common core requirements for process and algorithm content, while encouraging innovation by allowing participating entities to include additional elements in their algorithms as they see fit (as long as they are legal).

Below is the projected PreCheck screenings process flow chart for private third parties and the TSA.

Previously, only frequent fliers or travelers enrolled through U.S. Customs programs were allowed to use the PreCheck system that was at 40 U.S. airports. The Washington Post reported, “Passengers can apply for PreCheck through an online enrollment site beginning sometime this fall — TSA has not announced an exact date. Interested fliers must submit identification and fingerprints in person at Washington Dulles International Airport or Indianapolis International Airport, although the agency plans to expand to additional sites nationwide.”

The TSA estimates that about 88,000 travelers will participate in PreCheck during the first six months, with that number potentially going up to around 383,000 travelers as the program expands during the first year. Furthermore, about 12 million travelers have passed through PreCheck so far… but that’s just a drop in the proverbial bucket since there are about 1.8 million airline passengers every day.

Are you inclined to apply for PreCheck? If so, be prepared to be datamined and to voluntarily hand over “private” information in order to join the ranks of travelers in an airport’s ‘happy lane.’ *Happiness and freedom from groping not guaranteed.*

Follow me on Twitter @PrivacyFanatic

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.