What exactly is the purpose of them checking IDs so closely?
May 28, 2008 | 3:05 pm
#1
Original Poster
FlyerTalk Evangelist
Join Date: Nov 2003
Location: Jupiter, FL
Programs: DL PM, Marriott Lifetime Titanium, Hilton Silver
Posts: 39,568
What exactly is the purpose of them checking IDs so closely?
I realize it is to make sure that everyone that travels has an ID and I guess to ensure you are not on the no fly list.
However, since they don't actually check the ID against anything other than your boarding pass, there is no real check.
Let's say I wanted to avoid having them know my real name on the flight.
Step 1: I get a Visa gift card.
Step 2: I use it to purchase a ticket in someone else's name.
Step 3: I use a computer and printer to fake a boarding pass, or more simply, a copier and whiteout with my real name on it.
Step 4: I do an online check in for the ticket in someone else's name.
Step 5: I go through security with my real id, which they carefully examine for it's genuineness and see that it matches the name on my fake boarding pass, but don't compare the name to any flight manifest or do not fly list.
Step 6: Board the flight with my real boarding pass with someone else's name.
While you or I would not go through this effort (especially since we'd miss out on the mieage credit) for someone truly wanting to aviod examination, it'd be pretty easy.
Seems pointless to check the ID against nothing more than your boarding pass, an easily faked document.
Or am I missing something here?
However, since they don't actually check the ID against anything other than your boarding pass, there is no real check.
Let's say I wanted to avoid having them know my real name on the flight.
Step 1: I get a Visa gift card.
Step 2: I use it to purchase a ticket in someone else's name.
Step 3: I use a computer and printer to fake a boarding pass, or more simply, a copier and whiteout with my real name on it.
Step 4: I do an online check in for the ticket in someone else's name.
Step 5: I go through security with my real id, which they carefully examine for it's genuineness and see that it matches the name on my fake boarding pass, but don't compare the name to any flight manifest or do not fly list.
Step 6: Board the flight with my real boarding pass with someone else's name.
While you or I would not go through this effort (especially since we'd miss out on the mieage credit) for someone truly wanting to aviod examination, it'd be pretty easy.
Seems pointless to check the ID against nothing more than your boarding pass, an easily faked document.
Or am I missing something here?
May 28, 2008 | 3:30 pm
#2
Join Date: Oct 2002
Location: Arizona
Programs: *wood Gold, Marriott Gold, DL Silver, Hilton Silver, F9 Ascent
Posts: 2,419
Step 5: I go through security with my real id, which they carefully examine for it's genuineness and see that it matches the name on my fake boarding pass, but don't compare the name to any flight manifest or do not fly list.
Step 6: Board the flight with my real boarding pass with someone else's name.
Seems pointless to check the ID against nothing more than your boarding pass, an easily faked document.
Or am I missing something here?
Step 6: Board the flight with my real boarding pass with someone else's name.
Seems pointless to check the ID against nothing more than your boarding pass, an easily faked document.
Or am I missing something here?
a. The Emperor has no clothes
b. ID checks != security
c. ID checks = airline revenue protection
d. All of the above
A friend who works on DHS/TSA programs mentioned the fake/photoshopped/altered boarding pass trick won't work in the near future. You know that pilot program at IAH where CO pax using a Crackberry or other smartphone can get their bp in the form of a 2D barcode that a TSA scans at the checkpoint? Well, they want to roll out that same program to paper boarding passes.
Sure, you can still do the same trick but you'll have to buy an actual ticket...or crack the PKI encryption used in encoding the 2D barcode.
http://www.dhs.gov/xlibrary/assets/p...a_tsa_bpss.pdf
Abstract
The Boarding Pass Scanning System (BPSS) is a process and technology that validates the authenticity of the boarding pass at the TSA security checkpoint using 2-dimensional (2D) bar code readers and encryption techniques. The BPSS will display machine readable data from the boarding pass for confirmation against the human readable portions of the boarding pass to verify that the boarding pass is legitimate and has not been tampered with. Once confirmed, the displayed data will be deleted from the BPSS.
Introduction
The vulnerabilities associated with fake boarding passes are well-known. In the fall of 2006 a doctoral student at Indiana University created a website that enabled individuals to create fake boarding passes. This website garnered significant media attention, as it demonstrated how a known terrorist who is on the Watch or No-Fly List could use a fake boarding pass to gain access to the sterile area of the airport. Once inside the sterile area, the terrorist could use a real boarding pass acquired under an alias to board the plane.
In order to eliminate this vulnerability, the Transportation Security Administration (TSA) has begun to pilot new technologies that can identify fake or tampered forms of identification. TSA also has begun to consider ways to encode boarding passes with a security code that could ensure their authenticity. The BPSS is a process and technology that validates the authenticity of the boarding pass at the TSA security checkpoint using 2-dimensional (2D) bar code readers and encryption techniques. The BPSS will be compatible with any 2D barcode and can be used with paper boarding passes printed on a home computer via online check-in procedures, paper boarding passes printed by the airlines, or a paperless boarding passes that are sent to passengers’ mobile devices such as cell phones, Blackberrys, or Personal Digital Assistants (PDA).
...
If a boarding pass is determined by the BPSS to have been tampered with or not authentic, the passenger will be referred to local law enforcement officers and TSA will capture the details of the incident in its existing incident database using established forms and processes. The primary database for capturing incident information at TSA is the Performance And Results Information System (PARIS).
Here's a tidbit the privacy prone folks of TS&S should find interesting...(red emphasis mine)The Boarding Pass Scanning System (BPSS) is a process and technology that validates the authenticity of the boarding pass at the TSA security checkpoint using 2-dimensional (2D) bar code readers and encryption techniques. The BPSS will display machine readable data from the boarding pass for confirmation against the human readable portions of the boarding pass to verify that the boarding pass is legitimate and has not been tampered with. Once confirmed, the displayed data will be deleted from the BPSS.
Introduction
The vulnerabilities associated with fake boarding passes are well-known. In the fall of 2006 a doctoral student at Indiana University created a website that enabled individuals to create fake boarding passes. This website garnered significant media attention, as it demonstrated how a known terrorist who is on the Watch or No-Fly List could use a fake boarding pass to gain access to the sterile area of the airport. Once inside the sterile area, the terrorist could use a real boarding pass acquired under an alias to board the plane.
In order to eliminate this vulnerability, the Transportation Security Administration (TSA) has begun to pilot new technologies that can identify fake or tampered forms of identification. TSA also has begun to consider ways to encode boarding passes with a security code that could ensure their authenticity. The BPSS is a process and technology that validates the authenticity of the boarding pass at the TSA security checkpoint using 2-dimensional (2D) bar code readers and encryption techniques. The BPSS will be compatible with any 2D barcode and can be used with paper boarding passes printed on a home computer via online check-in procedures, paper boarding passes printed by the airlines, or a paperless boarding passes that are sent to passengers’ mobile devices such as cell phones, Blackberrys, or Personal Digital Assistants (PDA).
...
If a boarding pass is determined by the BPSS to have been tampered with or not authentic, the passenger will be referred to local law enforcement officers and TSA will capture the details of the incident in its existing incident database using established forms and processes. The primary database for capturing incident information at TSA is the Performance And Results Information System (PARIS).
Fair Information Principles
The Privacy Act of 1974 articulates concepts of how the Federal government should treat individuals and their information. These concepts are known as the Fair Information Principles (FIPs). The FIPs impose duties upon Federal agencies regarding the collection, use, dissemination, and maintenance of personally identifiable information. The Homeland Security Act of 2002 Section 222(2) states that the Chief Privacy Officer shall assure that information is handled in full compliance with the fair information practices as set out in the Privacy Act of 1974.
DHS conducts Privacy Impact Assessments on both programs and information technology systems, pursuant to the E-Government Act of 2002 Section 208 and the Homeland Security Act of 2002 Section 222. This PIA examines the privacy impact of BPSS operations as it relates to the Fair Information Principles.
1. Principle of Transparency
Principle: DHS should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of Personally Identifiable Information (PII). Technologies or systems using PII must be described in a SORN and PIA, as appropriate. There should be no system the existence of which is a secret.
Most PIAs are conducted on IT systems that collect and retain PII. The BPSS does not use information in this way and, in fact, specifically does not retain any information once the boarding pass has been scanned. TSA is conducting this PIA in order to be further transparent and provide notice to the individual regarding the BPSS. Further, information on the BPSS will be posted to TSA’s website.
5. Principle of Use Limitation
Principle: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the Department should be for a purpose compatible with the purpose for which the PII was collected.
None of the PII data collected by TSA through the BPSS will ever be disseminated or shared – not even within the Department. This data will be immediately deleted after it is compared with the hash. The memory is cleared once the next boarding pass is scanned.
The Privacy Act of 1974 articulates concepts of how the Federal government should treat individuals and their information. These concepts are known as the Fair Information Principles (FIPs). The FIPs impose duties upon Federal agencies regarding the collection, use, dissemination, and maintenance of personally identifiable information. The Homeland Security Act of 2002 Section 222(2) states that the Chief Privacy Officer shall assure that information is handled in full compliance with the fair information practices as set out in the Privacy Act of 1974.
DHS conducts Privacy Impact Assessments on both programs and information technology systems, pursuant to the E-Government Act of 2002 Section 208 and the Homeland Security Act of 2002 Section 222. This PIA examines the privacy impact of BPSS operations as it relates to the Fair Information Principles.
1. Principle of Transparency
Principle: DHS should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of Personally Identifiable Information (PII). Technologies or systems using PII must be described in a SORN and PIA, as appropriate. There should be no system the existence of which is a secret.
Most PIAs are conducted on IT systems that collect and retain PII. The BPSS does not use information in this way and, in fact, specifically does not retain any information once the boarding pass has been scanned. TSA is conducting this PIA in order to be further transparent and provide notice to the individual regarding the BPSS. Further, information on the BPSS will be posted to TSA’s website.
5. Principle of Use Limitation
Principle: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the Department should be for a purpose compatible with the purpose for which the PII was collected.
None of the PII data collected by TSA through the BPSS will ever be disseminated or shared – not even within the Department. This data will be immediately deleted after it is compared with the hash. The memory is cleared once the next boarding pass is scanned.
May 28, 2008 | 3:41 pm
#4
Join Date: Oct 2007
Location: Munich, Germany
Programs: Miles&More Blue, SPG Silver
Posts: 3,452
About the ID checks. The biggest part of the TSA ID-Checker training is to memorize the No-Fly-List. They check your name against the memorized No-Fly-List.
May 28, 2008 | 4:07 pm
#5
Original Poster
FlyerTalk Evangelist
Join Date: Nov 2003
Location: Jupiter, FL
Programs: DL PM, Marriott Lifetime Titanium, Hilton Silver
Posts: 39,568
A friend who works on DHS/TSA programs mentioned the fake/photoshopped/altered boarding pass trick won't work in the near future. You know that pilot program at IAH where CO pax using a Crackberry or other smartphone can get their bp in the form of a 2D barcode that a TSA scans at the checkpoint? Well, they want to roll out that same program to paper boarding passes.
May 28, 2008 | 5:13 pm
#7
Join Date: May 2007
Location: PHL
Programs: US/*A, Marriott, ICH, Budget, Avis
Posts: 762
who actually checks against the nofly list...security or the airline? Needn't one only buy a refundable ticket to circumvent whom, if anyone, is checking and fly on an identical nonfundable?
Last edited by MarcPHL; May 28, 2008 at 7:43 pm
May 29, 2008 | 6:37 am
#9
Join Date: Aug 2006
Location: DCA / WAS
Programs: DL 2+ million/PM, YX, Marriott Plt, *wood gold, HHonors, CO Plt, UA, AA EXP, WN, AGR
Posts: 9,386
Well, they want to roll out that same program to paper boarding passes.
I'd guess I see a couple of folks per-flight where the gate BP readers don't read the codes correctly and the gate agents have to type it in by hand. Gotta be worse with the handheld readers.
(sarcasm on) Oh, well, who cares about delays if they keep us "safe"....
May 29, 2008 | 6:59 am
#10
FlyerTalk Evangelist
Join Date: Dec 2003
Location: Miami, FL
Programs: AA EXP/Marriott Plat/Hertz PC
Posts: 12,724
I think you all are missing the point. ID checking is vitally important. If another person does crash a plane into a building, it's important that law enforcement find that person and make sure he/she never does it again.
May 29, 2008 | 7:07 am
#11
Join Date: Oct 2003
Location: montreal
Posts: 305
I like counting the number of times my documents are checked.
In the Montreal airport you have to show your passport, boarding pass and US immigration form after leaving the check-in area. After waiting in line for US immigration, they check your passport and keep the immigration form. Walk twenty steps and you have to show your boarding pass before entering the line for the security check. They check the boarding pass again as you go through the metal detector. Present boarding pass and passport before going down the boarding ramp and present boarding pass once again as you enter the plane.
A colleague jokingly told me about the safest airport in the world. Two months later, I actually experienced it. This was about three years ago, so it may have changed. I forget if it was Des Moines or Kansas City, but as you enter the gate area you show your ID and boarding pass to a security person who dutifully checks it and hands it back. Ten paces away, you hand your ID and boarding pass to another security person who checks it and hands it back. I had to ask, "Um, why are you checking it if that person just checked it?" In a bored tone she replied that she was checking for something different. Sigh
In the Montreal airport you have to show your passport, boarding pass and US immigration form after leaving the check-in area. After waiting in line for US immigration, they check your passport and keep the immigration form. Walk twenty steps and you have to show your boarding pass before entering the line for the security check. They check the boarding pass again as you go through the metal detector. Present boarding pass and passport before going down the boarding ramp and present boarding pass once again as you enter the plane.
A colleague jokingly told me about the safest airport in the world. Two months later, I actually experienced it. This was about three years ago, so it may have changed. I forget if it was Des Moines or Kansas City, but as you enter the gate area you show your ID and boarding pass to a security person who dutifully checks it and hands it back. Ten paces away, you hand your ID and boarding pass to another security person who checks it and hands it back. I had to ask, "Um, why are you checking it if that person just checked it?" In a bored tone she replied that she was checking for something different. Sigh
May 29, 2008 | 7:10 am
#12
FlyerTalk Evangelist
Join Date: Dec 2003
Location: Miami, FL
Programs: AA EXP/Marriott Plat/Hertz PC
Posts: 12,724
A colleague jokingly told me about the safest airport in the world. Two months later, I actually experienced it. This was about three years ago, so it may have changed. I forget if it was Des Moines or Kansas City, but as you enter the gate area you show your ID and boarding pass to a security person who dutifully checks it and hands it back. Ten paces away, you hand your ID and boarding pass to another security person who checks it and hands it back. I had to ask, "Um, why are you checking it if that person just checked it?" In a bored tone she replied that she was checking for something different. Sigh
May 29, 2008 | 7:51 am
#13
FlyerTalk Evangelist
Join Date: Apr 1999
Location: Bryn Mawr PA & Wailea HI
Posts: 15,726
I feel 50% safer each time an ID is checked. I feel 100% safer each time one is wanded. Right now on an average trip I feel 2135% safer than last year and 3775% safer than two years ago. Isnt it wonderful?
MisterNice
MisterNice
May 29, 2008 | 8:19 am
#14
FlyerTalk Evangelist
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike.. but I wanna go home with the armadillo
Programs: CO, NW, & UA forum moderator emeritus. Eurobonus Millionaire
Posts: 38,683
May 29, 2008 | 9:10 am
#15
Join Date: Feb 2003
Posts: 1,297
Scannable tickets are used for sporting events, concerts, shows and even some movie theaters. I don't see an issue. Airlines could put a self-service kiosk near the security check point so passengers can re-print their BPs but I doubt that will be necessary.
We can certainly debate if such a system is necessary but I don't see any problems implementing it.
We can certainly debate if such a system is necessary but I don't see any problems implementing it.
In the name of "security" you'll be sent back to the check-in counter if the boarding pass is folded, bent, or otherwise makes the code illegible by the reader. I see a GIANT cluster-frag in the making. Y'all think things are slow now?
I'd guess I see a couple of folks per-flight where the gate BP readers don't read the codes correctly and the gate agents have to type it in by hand. Gotta be worse with the handheld readers.
(sarcasm on) Oh, well, who cares about delays if they keep us "safe"....
I'd guess I see a couple of folks per-flight where the gate BP readers don't read the codes correctly and the gate agents have to type it in by hand. Gotta be worse with the handheld readers.
(sarcasm on) Oh, well, who cares about delays if they keep us "safe"....