Ever so slowly, TSA is closing loopholes in the security system that it jury-rigged on top of the old, airline-run system inherited in 2001. The biggest loophole in recent years was the way risky travelers were identified. In essence, the airline was told to print a special code on a risky traveler’s boarding pass. Then, the traveler would carry his pass to the checkpoint, where he’d get special scrutiny.
That was hardly the best system. It depended on risky travelers themselves hand-carrying security messages from airline to checkpoint. And it was easy to forge boarding passes that didn’t carry the mark of Cain.
Under a new system now being piloted, TSA will still depend on travelers carrying messages, but at least the messages will be hard to forge. Airlines will use private encryption keys to authenticate and protect the information stored on each boarding pass. Once the information is decrypted at the checkpoint, it will be compared to the information on the traveler’s ID. If the two match, TSA can apply its identity-based security measures with some confidence.
In addition to securing the information on boarding passes, the new TSA system will automate ID-checking. ID readers will scan for security features and compare the written and the encoded information on IDs to make sure they match each other and the data on the boarding pass. This obviously raises the bar for forgery of both boarding passes and IDs. It likely also spells the end of black-light flashlights and jeweler’s loupes in the security line. The new system will roll out first at Dulles airport near Washington.
In an effort to address the privacy objections that dog every new measure it proposes, TSA has announced that, after its machines have carefully checked those IDs and correlated them to boarding pass and flight information, TSA will destroy all the data. That strikes me as a choice that’s open to debate. Enforced amnesia means that all travelers will always look alike to TSA. I suppose that sounds good if you fear government discrimination, but not if you want a security system that applies different security measures to travelers based on differences in their conduct.