The International Biometrics and Identification Association (IBIA) has objected to plans by the Transportation Security Administration (TSA) to exclusively use just biographic data solutions in an expansion of the PreCheck travel screening program.Stating that biometrics should remain at the core of the PreCheck vetting procedure, the IBIA says that merely using biographic data presents a security risk.According to Tovah LaDier, IBIA's managing director, "this new practice lacks the necessary accuracy to identify security risks and poses a serious threat to applicant privacy, noting that the current system of biometric-based FBI criminal history records checks (CHRC) has a true match rate on fingerprints of 98.6%, whereas the performance of these algorithms varies greatly and remains largely unproven on such a mass scale."On December 23, 2014, TSA issued an RFP for PreCheck expansion that seeks third-party vendors to "pre-enroll" passengers into the program. TSA's proposal would authorize private vendors to use commercial data and proprietary algorithms to create a "risk-score" for passengers to determine eligibility.The FBI biometric-based CHRC is acknowledged as key to background checks worldwide as well as in the US. It has been the cornerstone of TSA's security threat assessment approach for the program.However, the IBIA says that TSA is now proposing that vendors perform less-reliable, name-based background checks, as well as amass personal information from social media, location information, retail purchase history, and blog posts.Chris Calabrese, senior policy director at the Center for Democracy and Technology, told the FederalTimes on the issue: "We're talking about teaching machines how to spot dangerous behavior. It's easy to do when you're talking about credit card fraud; there's billions of transactions and lots of fraud and you can teach the machine exactly what to look for. It's very hard to do when it comes to terrorism, for which there are very few examples and which are very diverse."The IBIA adds that TSA's proposed reliance on commercial data and proprietary risk-scoring algorithms also poses a serious threat to privacy."It is common knowledge that data on the Internet contains many inaccuracies. Personal biographic data, addresses, driver's license numbers, and credit card numbers that would be collected, have real value to cybercriminals and fraudsters ߪ This is not the case with biometrics in prescreening applications like PreCheck."The IBIA concludes by urging the TSA to reconsider its plan to rely solely on private company partnerships aiming to use biographic data in the PreCheck application process."Any reasonable and secure prescreening program must include biometrics for background checks and identification reliability to maintain a high-level of accuracy in identifying security risks".
IBIA questions TSA’s PreCheck expansion plans
