Go Back  FlyerTalk Forums > Travel&Dining > Travel Safety/Security > Trusted Travelers
Reload this Page >

New TSA ID scanners for PreCheck Passengers - No Boarding Passes Required/Used

New TSA ID scanners for PreCheck Passengers - No Boarding Passes Required/Used

Old May 29, 17, 5:41 pm
  #1  
A FlyerTalk Posting Legend
Original Poster
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 52,577
New TSA ID scanners for PreCheck Passengers - No Boarding Passes Required/Used

Apologies if I missed a thread already devoted to this topic; I didn't see one.

Anyway, on Sunday at IAD, at the Pre checkpoint the TDC was scanning IDs on a much-larger device, and turning away actual BPs. Yes, I know that checking ID and BP match is meaningless and easily circumvented, but it was interesting to see the TSA apparently admit as much.

The device appeared to be a small computer workstation of some sort. Interestingly enough, I recall seeing talk of integrating ID scanners into overall security at the checkpoint (including integration with SecureFlight, WTMDs, x-rays, and AITs), but it was proposal-phase, not deployment--so I thought.

Anyone else noticed this? My guess is the ID check station is integrated into SecureFlight and checks if you're traveling that day (and at the Pre checkpoint, are eligible for Pre)? Not sure how much the airlines share to make this happen.
exerda is online now  
Old Jun 1, 17, 10:32 am
  #2  
 
Join Date: Nov 2015
Location: At the moment? ...
Programs: DL DM, Marriott Titanium
Posts: 354
Wonder how widespread this is. I went through PreCheck at IAD this morning and saw this in action. It was...disconcerting, but that may have been because shortly thereafter I read an article on how B6 and someone else was going to trial test facial recognition.
tvtd is offline  
Old Jun 3, 17, 11:53 am
  #3  
 
Join Date: Apr 2017
Posts: 41
Has IAD create a security vulnerability for Precheck?

This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.

Originally Posted by exerda View Post
At IAD on Sunday, I noticed the Pre line no longer actually checks / scans your BP at all (there is an airport employee at the head of the line who glances at your BP for TSAPre logo, but that's it). They now scan your ID and don't bother to confirm it matches BP at all (interesting, if logical in real-people thinking, just not logical in TSA thinking). But that is fodder for another thread--just have to find the right one...
If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.
sunshinekid is offline  
Old Jun 3, 17, 12:35 pm
  #4  
 
Join Date: Jan 2016
Location: SFO
Programs: UA 1K, Bonvoy Ti
Posts: 812
Originally Posted by sunshinekid View Post
This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.



If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.
The ID is verified against an internal precheck list.
GoSh4rks is offline  
Old Jun 4, 17, 4:03 am
  #5  
 
Join Date: Nov 2010
Location: Baltimore, MD USA
Programs: Southwest Rapid Rewards. Tha... that's about it.
Posts: 3,945
I seem to recall hearing somewhere that DCA and IAD are TSA's 'prototype' airports where they will often test new procedures and equipment before deploying them nationally. Perhaps this new scanner is the latest money-wasting gizmo, foisted upon the American taxpayer by former DHS or TSA executives working for a tech company, under the guise of making us more secure.

The new device could be any number of things - an image scanner recording actual images of the IDs; an RFID reader checking the chips in various types of cards and passports; a terminal that checks IDs against the NFL or other database; or something else that I can't even imagine. No matter what, I'm sure that any security benefit it may theoretically provide will be neither effectively implemented nor worth the inflated price tag of the device. This is TSA we're talking about, after all.
WillCAD is offline  
Old Jun 4, 17, 8:08 am
  #6  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: DFW
Posts: 15,819
Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.
Boggie Dog is offline  
Old Jun 5, 17, 7:02 pm
  #7  
A FlyerTalk Posting Legend
Original Poster
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 52,577
Originally Posted by Boggie Dog View Post
Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.
I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.
exerda is online now  
Old Jun 5, 17, 9:35 pm
  #8  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: DFW
Posts: 15,819
Originally Posted by exerda View Post
I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.
Unless an ID is checked against some watch list(s) I see no reason to waste time checking them. Even checking against the lists serve little purpose. Screen the person for WEI and move on.
Boggie Dog is offline  
Old Jun 7, 17, 9:03 am
  #9  
 
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTP, Hertz President's Club
Posts: 928
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.

From the document I linked to above:

Originally Posted by DHS/TSA
In its efforts to address the security vulnerabilities in the authentication of passenger identity documents and/or boarding passes, TSA will send certain Secure Flight data to generate the boarding pass outside of the airport security area; then through TSA’s Security Technology.Integrated Program (STIP) to CAT/BPSS inside of the airport security area. This process allows the TDC to verify the content of the identity document and/or boarding pass presented by the passenger directly against the content of the Secure Flight database that generates the boarding pass instruction. TSA will transmit passengers’ full name, gender, date of birth, Secure Flight screening status, reservation control number, and flight itinerary from the Secure Flight
database to STIP. STIP will then send the Secure Flight data to the CAT/BPSS devices. The data will be securely transmitted in such a way that only the Secure Flight data for passengers scheduled to fly from a specific airport will be sent to CAT/BPSS devices at that airport. If name mismatches occur, CAT/BPSS will display a list of Secure Flight data on passengers with similar attributes (e.g., the same date of birth, gender, last name, and/or first name) that are scheduled to travel on the same day at their assigned airport in order to compare data and resolve name mismatches. TSA will delete the data from STIP and the CAT/BPSS devices within twenty-four (24) hours of the flight departure time. This process will apply to all locations where TSA will pilot and deploy Secure Flight connectivity
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
phltraveler is offline  
Old Jun 7, 17, 9:17 am
  #10  
A FlyerTalk Posting Legend
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 42,959
There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.
Often1 is offline  
Old Jun 7, 17, 11:06 am
  #11  
 
Join Date: May 2012
Posts: 172
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
iamflyer is offline  
Old Jun 7, 17, 1:07 pm
  #12  
 
Join Date: Nov 2010
Location: Baltimore, MD USA
Programs: Southwest Rapid Rewards. Tha... that's about it.
Posts: 3,945
Originally Posted by phltraveler View Post
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.

From the document I linked to above:



Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
Originally Posted by Often1 View Post
There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.
Originally Posted by iamflyer View Post
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?

No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.
windscar likes this.
WillCAD is offline  
Old Jun 7, 17, 1:52 pm
  #13  
 
Join Date: Aug 2012
Posts: 3,399
Originally Posted by Often1 View Post
There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.
No, all it says is that the ID is a valid ID and matches the BP. It does not say that you are who the ID says you are.
petaluma1 is offline  
Old Jun 7, 17, 8:29 pm
  #14  
 
Join Date: May 2012
Posts: 172
Originally Posted by WillCAD View Post
Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?

No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.
I absolutely agree with you, was just thinking about other possible implications and ways the TSA will sell it as a great thing
iamflyer is offline  
Old Jun 9, 17, 6:58 pm
  #15  
A FlyerTalk Posting Legend
Original Poster
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 52,577
Originally Posted by iamflyer View Post
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
That's an interesting point. You'd think it would.


Originally Posted by petaluma1 View Post
No, all it says is that the ID is a valid ID and matches the BP. It does not say that you are who the ID says you are.
Yes, and one worry is that the screener will rely too much on the machine and not really pay close attention to whether the ID matches the pax or is not tampered with in any way (or that the TSO can judge that accurately, which is another matter altogether). "But the machine said they're good!" I worry about such false sense of security through relying too much on technology...


Originally Posted by phltraveler View Post
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

[...]


Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
There's a RFQ for a BPA out there right now regarding the follow-on to STIP which would bring back online most of the checkpoint screening devices. I'd be interested to see what they (the TSA) intend to do with linking the CAT, SecureFlight, WTMD, checked baggage x-rays, etc., in any kind of fashion which makes a remote degree of sense.

As I work for one of the companies potentially bidding on that BPA, I won't hazard to think what we'd do with it (nor is the TSA work in my domain), but I am genuinely curious what TSA wants to get out of such a system.
exerda is online now  

Thread Tools
Search this Thread