Wednesday, 17 December 2008
TSA to require bar-coded boarding passes
Buried in the notice of the final rules for the Secure Flight airline passenger ID, surveillance, and control scheme is notice that the USA Transportation Security Administrations (TSA) intends to require airlines to add machine-readable codes to all boarding passes for flights in the USA:
To ensure the integrity of the boarding pass printing results and to prevent use of fraudulent boarding passes, TSA will also provide instructions for placing bar codes on the boarding passes in the future. TSA may provide instructions to the covered aircraft operators through an amendment to their security programs.
The Secure Flight rules themselves would obligate airlines to comply with TSA instructions for bar codes or any other TSA-mandated boarding pass coding for machine readability. Those instructions would be included in the TSA "user guide" for Secure Flight, which is to be provided to airlines but kept secret from travelers:
The covered aircraft operator must place a code on the boarding pass or authorization to enter the sterile area that meets the requirements described in the Consolidated User Guide.
Old-style ATB boarding passes, which were printed on individually numbered, controlled ticket forms (travel agencies were held liable for any tickets issued on stock numbers issued to them) that contained numerous physical security features, were much more secure than any "print at home" boarding passes or boarding passes sent to mobile phones by SMS message -- with or without two-dimensional bar codes. Every previous form of machine-readable travel document, including the encrypted storage of personal data on RFID chips in passports, has been cracked. Now that bar-coded boarding passes (BCBP) are "in the wild" at more and more airports, we don't expect it to take long before the the algorithm is cracked, so that anyone can generate their own boarding pass, with a valid two-dimensional bar code, and print it out or send it to the display of their mobile phone. Machine-readable travel documents won't make us more safe or secure, and in many ways will make us less so.
But that's not all that's wrong with this part of the Secure Flight scheme, or the larger pattern of which it is a part: the ongoing deep integration of government surveillance and control into the commercial infrastructure of movement of people.
The itinerary data on boarding passes has nothing to do with the ostensible purpose of Secure Flight: watch-list matching. Which flight(s) you are going to be on is of no use in determining whether your name is on a watch list. The TSA's mandate for collection of this information -- both in "Secure Flight Passenger Data" extracted from Passenger Name Records (PNR's) and in information from boarding passes -- makes clear that the real function of "Secure Flight" is surveillance, not watch-list matching.
As the Identity Project noted even before the TSA announced this new boarding pass encoding requirement, the real significance of any sort of machine-readable travel document is the degree to which it facilitates automated travel surveillance. The quicker, easier, and cheaper it is to capture transaction data (such as passage through a checkpoint in an airport, or the flight itinerary details on a boarding pass), the more likely it is that document inspection will quietly and invisibly be transformed into document-linked event logging.
Unfortunately, airlines are unlikely to object to TSA demands to make boarding passes more easily machine readable. The TSA's surveillance agenda dovetails neatly with industry goals of business process automation and more efficient collection of more detailed transactional data for operational and marketing use. Bar-coded boarding passes have been part of IATA's Simplifying the Business initiative as well as the joint ICAO/IATA/SITA Simplifying Passenger Travel (SPT) project. Both of these started as business process automation and cost-cutting projects, but are now being "marketed" by industry to governments as part of an effort to piggyback industry automation and IT infrastructure work on government security/surveillance/control mandates, and to get as much of this automation work paid for by governments as possible.
There's a complicated symbiosis between industry business process automation initiatives and government security/surveillance/control measures. It's often hard to tell which is leading the other, and government surveillance ("information exchange") and control ("clearance" or "authority to carry") functions are closely integrated into the SPT vision of the Ideal Process Flow for passenger airlines.
It's worth studying the latest verion of this vision statement in some detail. Among other noteworthy features is the explicit acceptance by the common-carrier airline industry of a permission-based government control system with a default of, "No" (p. 10):
A passenger will confirm their "Right to Fly" using an e-token. The passenger will validate their identity using a biometric to confirm that the "Authority to Carry" is valid. In the event that a "Security All Clear" message has not been received, then the passenger is not permitted to board and their hold baggage is off-loaded.
There's also a suggestion that airlines could permissably establish conditions of carriage such that passengers not given government permission to travel might not be entitled to a refund (p. 15):
Is the passenger eligible for a refund if travel is refused as a result of an iAPI "no board" message?
Eligibility for a refund will depend on the individual carrier policy and reasons for "no board" decision.
Sadly but not surprisingly, no representatives of travelers, government privacy or data protection authorities, or civil liberties or human rights organizations or authorities are part of the SPT project. In this context, it is hard to tell for certain, but bar-coded boarding passes appear to have originated with the industry (as a cheaper alternative to previous mag stripe boarding passes, and one more widely distributable through print-at-home and mobile phone boarding passes). Governments are piggybacking on what the industry would be doing anyway.
In asking you to provide the the details of your boarding pass -- whether by reading a printed document or scanning a bar code -- the TSA is making an "information collection request". For any such request of similar data elements from more than 10 people (the demand for baording pass data is made a million times a day at TSA checkpoints), any Federal agency is required to publish a notice in advance in the Federal Register justifying the information collection, and obtain the advance approval of the Office of Managament and Budget, as demonstrated by an OMB control number. Under the Paperwork Reduction Act (44 U.S.C. 3512):
(a) Notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information that is subject to this subchapter if--
(1) the collection of information does not display a valid control number assigned by the Director in accordance with this subchapter; or
(2) the agency fails to inform the person who is to respond to the collection of information that such person is not required to respond to the collection of information unless it displays a valid control number.
(b) The protection provided by this section may be raised in the form of a complete defense, bar, or otherwise at any time during the agency administrative process or judicial action applicable thereto.
I can find no record that the TSA has ever published a notice in the Federal Register of its collection of boarding pass data, and I've never been provided with an OMB control number (or with notice that one was required), when I've been asked to show my boarding pass at a TSA checkpoint. The TSA has published a Privacy Impact Assessement for the new bar-coded "Boarding Pass Screening System" (BPSS). It gives more detail than the Secure Flight rules as to what data will be bar coded, but it doesn't mention either the Paperwork Reduction Act, application for or receipt of OMB approval, or the current, ongoing, non-barcoded boarding pass inspection and information collection. OMB approval is little more than a procedural formality, and it wouldn't have been hard for the TSA to comply. Their failure to do so is indicative of their general disregard for the niceties of compliance with the law, and their explicitly stated and categorical refusal voluntarily to submit to judicial review of watch-list and "screening" decisions.
I'm not a lawyer, mind you. But as far as I can tell, this provision of the Paperwork Reduction Act would act as an absolute bar and defense to any attempt to impose penalties for refusing to comply with the TSA request for your boarding pass -- whether or not it contains a TSA-readable bar code. I imagine, though, that they would try to find some other excuse to refuse you passage and/or otherwise penalize you, such as for a violation of catch-all regulations against "interfering with the screening process" or the like.Link | Posted by Edward on Wednesday, 17 December 2008, 14:59 ( 2:59 PM) | TrackBack (0)