Establishing Digital Trust: Don't Sacrifice Security for Convenience
At almost every turn these days, we are faced with situations that inspire memories of George Orwell’s “Big Brother.” It's the all-knowing and all-seeing government watcher whose merciless oversight is rivaled only by the fervor with which the government assures us that everything is done – purely – in our best interests.
Luckily for those who fear rampant privacy invasion – and unluckily for those who hope the government might deliver greater security – our government’s preferred method of efficiency involves farming critical duties out to lowest bidding contractors.
My own most recent brush with the rusty gears of the not so well-oiled machinery of free enterprise came in the form of sacrificing my privacy – yet again! – for you, the dear readers of this column.
Yes, I am now a “Registered Traveler!”https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Duly probed and vetted by the U.S. Transportation Security Administration (TSA), complete with my biometric data imprinted on a snazzy smartcard, and $100 poorer, I am now cleared to waltz past the rest of the madding crowd. Of course I still have to take off my shoes.
The idea to be a guinea pig on your behalf was hatched as I stood in yet another insanely long security line at the San Francisco International Airport.
|Mac vs. Linux: Which is More Secure?
Norton Internet Security 2008: Faster, Stronger
Microsoft's New Patent: The Dark Side of SaaS
The Emerging Dell-Linux-Apple War
If you’ve never been to the security line at SFO’s Terminal 3, it’s certainly not something for the faint of heart.
As if a half-hour wait weren’t enough, somebody at the TSA thought it would lighten the atmosphere by having one highly caffeinated security officer mill through the crowd joking with the crowd. During a recent trip, the TSA’s answer to Shecky Green reminded me no less than four times (in a span of 20 minutes) that I should throw away my water bottle – unless it was vodka, in which case I should hand it to him.
As I resisted the urge to whack him upside the head with my ziplock bag full of fluids, I spied some workmen installing a new batch of security machinery belonging to a company called Clear.
The special biometric scanning pods certainly looked very futuristic, like something the Cardassians might have used to torture Captain Picard in an episode of Star Trek. Would the special security lines for Registered Travelers merely be trading one set of tortures for another?
I decided to find out.
The process of registering for Clear was pretty straightforward. It didn’t really reveal much more about me than could be found by searching public records such as date of birth, places of residence over the last five years, and a few other tid-bits.
Once the information was gathered on their Web site, I was given a registration number that I printed and took to the airport for the in-person enrollment. At a special enrollment station in a corner of the terminal, a Clear representative called up my data, scanned images of two government-issued IDs, then she scanned my irises and took my fingerprints.
As a lawyer, my application to the bar required that my fingerprints be taken, so it’s not as if the government didn’t already have my prints. Similarly, having been involved in presidential campaigns during which I needed physical access to Secret Service protectees, I’ve had my background scrutinized on more than one occasion.
The iris scan was a new one for me. Or maybe not. As it turns out, iris scanning is not hard to do and can even be done without the cooperation of the “scanee.” I’ve seen demonstrations of iris scanning systems that use facial recognition and high-powered cameras that can capture decent iris images as people walk through places like airports and casinos.
The in-person enrollment process only took about five minutes. Then I was told to wait for my ID card to arrive in the mail in a few weeks, provided the background check went smoothly. Sure enough, about a week later I got an email saying that I’d been approved by the TSA (Yay! I’m apparently not Osama Bin Laden!), and that I should expect my ID in ten days or so.
Almost a month later, however, I still hadn’t received my ID.
Immediately I had visions of my ID card being intercepted in the post office by an Al-Qaida operative who would soon try to convince airport security that they really were just a chubby, pasty-skinned lawyer who’d lost some weight and gotten a good tan.
Logging into the Clear website, I was able to tell them that my card never arrived, whereupon they deactivated it in their system and promised to issue a new one. About a week later the replacement card finally arrived. (Naturally, its arrival was followed a few days later by the arrival of the original card!)
Armed with my shiny new card, I headed to the airport last week for my first trip as a Registered Traveler. I stepped up to the special Clear security lane and declared to the attendant, “I am a Clear virgin.”
The handsome young attendant winked, looked at his colleagues and with a sly grin said, “I think we can fix that!”
I was offered my choice of pods and choice of scans – eye or thumb. I stepped up into a large blue pod-like device, inserted my card and prepared to be violated. (This is San Francisco, after all.)
I wasn’t expecting what happened next. I was faced with yet another profound moment of existential questioning. While scanning my thumb, the system froze and threw up a cryptic error message that included words to the effect of, “user does not exist.”
For me, airports often inspire questions of being and existence, such as when the automatic faucet in the men’s room sink won’t turn on, no matter how much I wave my hands in front of the sensor.
Luckily the attendant was there to affirm my existence and guided me to another pod where I reinserted my card, fondled the unit with my thumb, and finally got a green light. I was then ushered over to a security checkpoint where I had to partially disrobe, as usual.
In the end, my assessment of the Registered Traveler program is that it’s like so many of the so-called “conveniences” that try to make the miserable air travel experience slightly less soul-crushing. For heavy travelers, the expense and the minimal additional privacy exposure might be worth the slightly speedier security experience.
Then again, heavy travelers are already sometimes able to take advantage of special security lines as part of their membership in frequent flyer programs. So the benefits of a service like Clear is somewhat limited when those options are also available.
Provided that the security of the Clear system – its database and the smartcards themselves – are as advertised, I don’t feel like the privacy risk is all that tremendous for someone like me, whose privacy is already “compromised” by having been probed and vetted in many ways by the government over many years.
The more practical issue for me is whether the system is scalable enough to even provide the kind of Big Brother-ish surveillance and oversight of travelers that is even worth being afraid of. So far, with lost or delayed ID cards, flaky scanning pods, and a hefty fee for not a huge amount of increased speed, it all seems much more of a gimmick than a tool of rising oppression.
They say that Mussolini did make the trains run on time, so as we slowly slide into our fascist future, maybe we do have on-time arrivals to look forward to. Either way, as long as I get my frequent flyer points, I’ll be happy.