Give Alaska Airlines The Finger!
#31
Join Date: Aug 2012
Location: LON
Programs: AS MVPG, Marriott Titanium, UA Silver
Posts: 1,350
I'm one of GeekWire's two columnists. Shouldn't be hard to figure out which one.
I've written about AS' tech in the past for GeekWire, either as an entire column or as part of a travel-tech themed post.
I'll be writing about this next week, having seen the "preview" at the GeekWire Summit. Mostly interested in the privacy pros/cons, though for me (and anyone else in PreCheck) the privacy issue may be less as TSA already has much detail about me. Part of it will be if this is optional, as it is for Board Room entry now (and even as PreCheck is optional for travelers).
I've written about AS' tech in the past for GeekWire, either as an entire column or as part of a travel-tech themed post.
I'll be writing about this next week, having seen the "preview" at the GeekWire Summit. Mostly interested in the privacy pros/cons, though for me (and anyone else in PreCheck) the privacy issue may be less as TSA already has much detail about me. Part of it will be if this is optional, as it is for Board Room entry now (and even as PreCheck is optional for travelers).
#32
Join Date: Mar 2008
Location: Fort Lauderdale, FL
Posts: 3,360
If "all" they save is the information necessary to reproduce a fingerprint that gets you access to everything that my fingerprint gets me access to, I'm not particularly put at ease by the fact that a close inspection will reveal that it's the fake fingerptint that works just as well is not my actual fingerprint.
In the event of a data breach of biometric information, you only are at risk to that set of data. No one will be able to take that data and break into other secured biometric databases. And, in the case of Disney, even then it's not an end-of-the-world scenario as they require two methods of identification (biometrics and RFID).
That said, I get why some people are wary. Any smart private company will offer an alternative. (Disney does.) It's just not going to be convenient or seamless as biometrics.
#33
Join Date: Sep 2007
Programs: DL Silver, AS MVP, UA Silver, HHonors Diamond, Marriott Plat, SPG Plat, National Exec Elite
Posts: 3,883
As a Disney Annual Pass-holder for the last 8 years (my wife is an addict), I've been pretty desensitized to the idea of fingerprint bio-metrics. If an alternative is offered to those who want to opt-out, I'd be all for the added convenience of not needing documents or even my phone at hand to check-in and board.
#34
Join Date: Sep 2009
Location: PDX
Programs: AA Plat + SPG Plat
Posts: 235
#35
Join Date: Jul 2004
Location: SNA
Programs: AA EXP, UA 1K (until it expires then never again), *wood Plat, Marriott Gold
Posts: 9,239
In a phrase: One-way encryption. Has been used for passwords on computer systems for a long time.
You can take the source, encrypt it in a way that you cannot take the resultant information and reverse it to obtain the original information.
So when you present the original data (fingerprint image/metadata or password) and encrypt it again in the same way, then compare the two results, if match the results match - because it's the same source info - the system then gives a green light.
If done properly your personal information can never be leaked out, because it's in a format that's useless to those who want to exploit it.
Unfortunately, lots of organisations/government entities/etc don't always do it "the right way".
You can take the source, encrypt it in a way that you cannot take the resultant information and reverse it to obtain the original information.
So when you present the original data (fingerprint image/metadata or password) and encrypt it again in the same way, then compare the two results, if match the results match - because it's the same source info - the system then gives a green light.
If done properly your personal information can never be leaked out, because it's in a format that's useless to those who want to exploit it.
Unfortunately, lots of organisations/government entities/etc don't always do it "the right way".
#36
Join Date: Mar 2007
Location: Upper Left Corner of the Map
Programs: AS MVPG & Board Room, Marriott Silver, Global Entry
Posts: 2,203
I trust Alaska not to abuse my fingerprints more than I trust Disney. But then again, I don't trust the vermin at Disney at all.
I've been using the finger entry at the SEA Boardroom. Sometimes it takes more than one try, but its still better than standing in line.
I've been using the finger entry at the SEA Boardroom. Sometimes it takes more than one try, but its still better than standing in line.
#37
Join Date: Dec 2004
Location: BLI
Programs: Alaska Million Mile Flyer, Marriott Lifetime Titanium Elite
Posts: 3,193
Thanks!
Column on GeekWire's site is now live: "Alaska Airlines' biometric boarding pass: Lifting, or giving, a finger?"
It mentions FlyerTalk, too.
Column on GeekWire's site is now live: "Alaska Airlines' biometric boarding pass: Lifting, or giving, a finger?"
It mentions FlyerTalk, too.
#39
Join Date: Feb 2013
Location: TUS, SEA, OTP, OMR
Posts: 868
Yay! GeekWire FTW! (and you guys sometimes say nice things about us too!)
As others have stated, an actual image of your fingerprint is not stored. This would both present data theft problems and (historically) be slow, because of the requirement to transmit an entire image.
Instead, the scanner internally converts your fingerprint to a string, such as abc123. This string may be further encrypted, but as a general statement, it should be impractical to take the string and reproduce the image of a fingerprint from it.
When you scan in, the scanner may produce a string such as abc124. The controller will have a comparison function which determines if the presented fingerprint hash is sufficiently close to the original has that the system is confident it's really you.
Overall, I'm quite comfortable with AS storing this data. Even if it's breeched, there's virtually nothing nefarious that can be done with it. Even knowing the desired output, it's supposed to be impractical to generate and input that will produce that same output again.
My biggest concern would be how well these algorithms have been studied. As mentioned above, the usage of MD5 and SHA1 as the basis of online security for many years means that they've been exhaustively studied and weaknesses found.
A quick search of the literature didn't reveal much in the way of direct attack attempts on the fingerprint hashes (although of anyone knows of papers on the subject, please post). It seems most of the fingerprint scanner attacks are on the scanner itself, although it seems that many of these may be overcome using full frame scanners (as I suspect CBP does), instead of pixel shift or "broom" sensors.
In any case, I also signed up for the scanner in the boardroom as soon as I saw it.
As others have stated, an actual image of your fingerprint is not stored. This would both present data theft problems and (historically) be slow, because of the requirement to transmit an entire image.
Instead, the scanner internally converts your fingerprint to a string, such as abc123. This string may be further encrypted, but as a general statement, it should be impractical to take the string and reproduce the image of a fingerprint from it.
When you scan in, the scanner may produce a string such as abc124. The controller will have a comparison function which determines if the presented fingerprint hash is sufficiently close to the original has that the system is confident it's really you.
Overall, I'm quite comfortable with AS storing this data. Even if it's breeched, there's virtually nothing nefarious that can be done with it. Even knowing the desired output, it's supposed to be impractical to generate and input that will produce that same output again.
My biggest concern would be how well these algorithms have been studied. As mentioned above, the usage of MD5 and SHA1 as the basis of online security for many years means that they've been exhaustively studied and weaknesses found.
A quick search of the literature didn't reveal much in the way of direct attack attempts on the fingerprint hashes (although of anyone knows of papers on the subject, please post). It seems most of the fingerprint scanner attacks are on the scanner itself, although it seems that many of these may be overcome using full frame scanners (as I suspect CBP does), instead of pixel shift or "broom" sensors.
In any case, I also signed up for the scanner in the boardroom as soon as I saw it.
#40
Join Date: Aug 2012
Location: LON
Programs: AS MVPG, Marriott Titanium, UA Silver
Posts: 1,350
Thanks!
Column on GeekWire's site is now live: "Alaska Airlines' biometric boarding pass: Lifting, or giving, a finger?"
It mentions FlyerTalk, too.
Column on GeekWire's site is now live: "Alaska Airlines' biometric boarding pass: Lifting, or giving, a finger?"
It mentions FlyerTalk, too.
#41
Join Date: Dec 2004
Location: BLI
Programs: Alaska Million Mile Flyer, Marriott Lifetime Titanium Elite
Posts: 3,193
#42
Join Date: Sep 2004
Location: Southern Bavaria, Germany
Programs: LH Blue, BA Blue, Hyatt Gold
Posts: 1,517
In former times - not so long ago - fingerprinting was strictly limited to criminals. Until now even the Canadian passports don't have fingerprints.
Using the fingerprints as a biometric recognition feature is the most intrusive option. And exactly for that reason it is used.
The new biometric photos are safe enough.
And by the way: The brutal and inhuman terrorist attacks can't be prevented by fingerprinting. Suicide bombers who throw their lives away even transmit propaganda videos of their terrorists.
So IMHO every fingerprint taken is a setback for the values of the Western world and the transatlantic partners. The best way would be to communicate these values openly and slash all the ID requirements for domestic flights.
And soon you will see: A new sense of freedom will spread.....
And will on the long run dry out the supplies for all those terrorist groups due to the fact that the US will becomea stronghold of freedom.
Thus terminating the violence by a good archetype.
Using the fingerprints as a biometric recognition feature is the most intrusive option. And exactly for that reason it is used.
The new biometric photos are safe enough.
And by the way: The brutal and inhuman terrorist attacks can't be prevented by fingerprinting. Suicide bombers who throw their lives away even transmit propaganda videos of their terrorists.
So IMHO every fingerprint taken is a setback for the values of the Western world and the transatlantic partners. The best way would be to communicate these values openly and slash all the ID requirements for domestic flights.
And soon you will see: A new sense of freedom will spread.....
And will on the long run dry out the supplies for all those terrorist groups due to the fact that the US will becomea stronghold of freedom.
Thus terminating the violence by a good archetype.
#43
Join Date: Dec 2012
Location: SFO
Programs: UA 1MM, Marriott LT Plat, Hilton Diamond
Posts: 184
From The Street
Alaska Airlines Pushes for Fingerprint Scanning at Check-in
The sixth largest airline in the U.S. is pushing for shorter lines at the airport by scanning your fingerprint. It wants to replace travel documents like passport and driver's license to let flyers get through check-in quicker.
Alaska Airlines Pushes for Fingerprint Scanning at Check-in
The sixth largest airline in the U.S. is pushing for shorter lines at the airport by scanning your fingerprint. It wants to replace travel documents like passport and driver's license to let flyers get through check-in quicker.
#44
Join Date: Dec 2004
Location: BLI
Programs: Alaska Million Mile Flyer, Marriott Lifetime Titanium Elite
Posts: 3,193
This could be fun - I don't have readable fingerprints. My line of work requires me to get periodic background checks and the FBI needs to reject my prints twice before they do the check based on my name - which takes 30-45 days from start to finish. I have a Clear membership and use the iris scan otherwise people behind me would be there forever.
#45
FlyerTalk Evangelist
Join Date: Mar 2006
Location: DFW
Programs: AA 1M
Posts: 31,474
Alaska Airlines advocates fingerprint check-in would have been much more descriptive as a thread title.
http://www.flyertalk.com/help/rules.php#threadtitles
http://www.flyertalk.com/help/rules.php#threadtitles