In a major change of policy, the Transportation Security Administration has announced that passengers refusing to show ID will no longer be able to fly. The policy change, announced on Thursday afternoon, will go into force on June 21, and will only affect passengers who refuse to produce ID. Passengers who claim to have lost or forgotten their proof of identity will still be able to fly.
As long as TSA has existed, passengers have been able to fly without showing ID to government agents. Doing so would result in a secondary search (a pat down and hand search of your carry-on bag), but passengers were still permitted to board their flights. In some cases, taking advantage of this right to refuse ID came with fringe benefits--being bumped to the front of the checkpoint queue.
For a few years after September 11, 2001, TSA's policies when it came to flying without ID were somewhat fuzzy. The agency, like many other parts of the Bush Administration, has hidden behind the shroud of classification--in TSA's case, labeling everything Sensitive Security Information.
Seeking to clarify the rules, activist John Gilmore took the U.S. government to court in 2004. Gilmore chose to take a particularly hard line, by refusing to show ID to TSA and also by refusing to undergo the more thorough "secondary screening" search. He eventually lost his case before the 9th Circuit of the U.S. Court of Appeals.
While the judges were not willing to let Gilmore avoid the secondary screening search, they did at least recognize the right to travel without showing ID--providing that passengers are willing to be subject to a pat down and a bit of probing:"The identification policy requires that airline passengers either present identification or be subjected to a more extensive search. The more extensive search is similar to searches that we have determined were reasonable and consistent with a full recognition of appellants constitutional right to travel."
Since then, in at least two letters to citizens, TSA has re-affirmed this right. In March 2008, a TSA official wrote that:
"If a traveler is unwilling or unable to produce a valid form of ID, the traveler is required to undergo additional screening at the checkpoint to gain access to the secured area of the airport."
A change in policy
In a press release issued on Thursday with little fanfare, TSA announced a major change in its rules.
"Beginning Saturday, June 21, 2008 passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports. This change will apply exclusively to individuals that simply refuse to provide any identification or assist transportation security officers in ascertaining their identity."
This new procedure will not affect passengers that may have misplaced, lost or otherwise do not have ID but are cooperative with officers. Cooperative passengers without ID may be subjected to additional screening protocols, including enhanced physical screening, enhanced carry-on and/or checked baggage screening, interviews with behavior detection or law enforcement officers and other measures."
To clarify: Passengers who refuse to show ID, citing a constitutional right to fly without ID will be refused passage beyond the checkpoints. Passengers who say they have left their ID at home, will be searched, and then permitted to board their flights.
While TSA's announcement stated that the goal of the change was to "increase safety," this blogger disagrees. The change of rules seems to be a pretty obvious case of security theater. Real terrorists do not refuse to show ID. They claim to have lost their ID, or they use a fake.
TSA's new rules only protect us from a non-existent breed of terrorists who are unable to lie.
Fixing flaws vs. security theater
In a research paper published in 2007, I outlined a number of glaring loopholes allowing the total circumvention of the much criticized no-fly lists. The two main flaws were that passengers can modify boarding passes, and that they can refuse to show ID.
In December 2007, TSA began testing out a secure, authenticated, tamper-proof boarding pass scheme. It has since been rolled out to a number of major airports around the country.
With hundreds of millions of dollars having already been spent on the various no-fly lists, it is at least interesting to see that someone at TSA is now spending time on fixing the loopholes in the system. The most glaring of this has long been the fact that passengers can refuse to show (or claim to have forgotten) their ID. Simply put, without being able to know who is walking through a checkpoint, there is no way to know that the "bad guys" have been caught by the no-fly list.
TSA's new rule, while perhaps motivated by a desire to beef up security, is significantly flawed. Terrorists will lie, and claim to have lost their ID--while law-abiding citizens wishing to assert their rights will be hassled, and refused flight.
Of course, all of this is premised on the idea that the no-fly list is actually a useful safety tool--something that I, and a number of other prominent security experts, strongly disagree with. Simply put, terrorists do not pre-register their intent.
As Bruce Schneier has noted before, the no-fly list is a collection of hundreds of thousands of people who are too dangerous to fly, but not guilty enough to be charged with a crime.
These are interesting times, indeed.
Thanks to Gary @ View from the Wing for spotting TSA's announcement.
Disclosure: I am supposed to be on a hiatus, but this topic was too important to leave alone. I am currently an intern at the American Civil Liberties Union of Northern California. These opinions are my own, and do not reflect anyone that pays me.
For the last few years, frequent travelers have had the option to sacrifice their privacy (as well as some money) for speed at the airport. Now, thanks to some keen deal-spotting by bloggers, passengers can skip to the front of the airport security line for free. The question to be asked is: even when such services are free, are they worth the price?
(Credit:
Courtesy CLEAR/Verified Identity Pass)
Verified Identity Pass is one of three companies that participate in TSA's Registered Traveler program. The company offers separate lines leading to TSA checkpoints for its subscribers. Passengers passing through one of these lines get to skip to the front of TSA's security checkpoint -- although they still must take off their shoes and belts.
Verified Identity Pass, and its CLEAR program, has been the subject of much hype since its launch a couple years ago . However, it has received quite a bit of criticism from the security community, as well as from TSA's head honcho Kip Hawley. In a statement last year explaining why CLEAR customers still had to take off their shoes and belts, Hawley told Congress:
"The technology is not yet there to provide significant screening benefits to members," Hawley said today before the House Committee on Homeland Security, adding that providers need to tweak such systems before TSA grants full approval. He did not specify the modifications TSA seeks.
Passengers wishing to join the CLEAR program will need to fork over $100 per year, plus $28 for the background check that TSA will run. As part of the application, customers are asked for their social security and drivers license numbers, although these are clearly marked as optional information.
The real sticking point, at least for me, is that passengers are required to give up a copy of their fingerprints and a retina scan. This information will then be used to authenticate you when you go through a CLEAR checkpoint. Of course, should the FBI write a national security letter and decide that it would also like a copy of that biometric information, Verified Identity Pass will be forced to hand it over. Creepy.
Thanks to some keen spotting by Gary over at View from the Wing, suckers passengers willing to hand over this information to a central database can now join CLEAR for free, at least for the first year.
First: go and sign up to be a member of the Hyatt Hotels Platinum Program (valid until March 31).
Second: with your new Hyatt platinum number in hand, go over to the CLEAR site and sign up for a one year free membership.
I've thought it over, and even when it's free, I still can't convince myself that it's a good idea to do this. However, for those of you who fly frequently (or who have been arrested before, and thus already have your paw-prints on file), perhaps you may find this useful.
For those more adventurous travelers, as I've discussed before, there is another way to jump to the front of the security line - refuse to show ID.
UPDATE: See below for TSA's response.
A scathing congressional report released Friday confirms that security flaws in a Transportation Security Administration site put thousands of Americans at risk of identity theft.
The report (PDF) also reveals that a no-bid contract to create the site was awarded to an outside company by a TSA employee who had previously worked for that company. Was this just business as usual at TSA?
TSA: Security ain't its forte
(Credit: CNET)In October 2006, the TSA launched a Web site to help travelers whose names were erroneously listed on airline watch lists. This site had a number of security vulnerabilities: it was not hosted on a government domain; its home page was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. Furthermore, the site was filled with typos and other errors, causing some to wonder whether TSA's site had been taken over by phishers.
The report notes that TSA's chief information security officer conducted a detailed security accreditation review of the traveler redress site before it went live. He/she did not notice any of the glaring holes that I highlighted in my initial blog post on the subject. The report does not note whether the chief information security officer was ever punished for this failure to detect obvious flaws.
For the four months that the site was up, thousands of people visited it, and 247 travelers submitted highly personal information (including their Social Security number and place of birth) through an insecure, non-SSL encrypted form. TSA's lax security practices resulted in thousands of Americans being put at a direct risk of identity theft.
The site was only taken down after I discovered it in February 2007 and posted something to my blog. Shortly after, Wired and a number of other sites picked up the story, and TSA was shamed into pulling down the site.
In addition to noting the security problems on the site, I also expressed significant skepticism regarding Desyne Web Services, the Virginia-based Web site design firm that was running and operating the site. In my original blog post, I wrote:
"This begs the question: Who are these guys, why don't they know how to use SSL and how were they awarded this sweet contract? Why can't TSA do a simple form submission themselves?"
My initial concern seems to be well founded, as the newly released report reveals. The TSA official in charge of the project awarded the contract--without competition--to one of his former employers, a company owned by one of his high school buddies.
Proving that this is just business as usual for TSA, the report notes that "neither Desyne nor the technical lead on the traveler redress Web site have been sanctioned by TSA for their roles in the deployment of an insecure Web site. TSA continues to pay Desyne to host and maintain two major Web-based information systems. TSA has taken no steps to discipline the technical lead, who still holds a senior program management position at TSA."
UPDATE: When reached for comment, TSA spokesman Christopher White stated that "every issue that the committee brought up has been addressed many months ago. We are not interested in rehashing last year's issues."
When asked whether TSA is concerned with the ethical concerns that surrounded the no-bid sweetheart contract, he stated that there are "no ethical issues (to be) brought up. We hold ourselves to very high ethical standards. It is useless for the American public to rehash this old garbage that doesn't exist today."
He also stated that "many many months ago, when this was a legitimate issue, TSA did notify each person who may have been affected." However, he said, TSA "did not offer to pay for credit monitoring" for those passengers. He stressed that, "we have absolutely no indication that anyone's identity has been misused as a result of this incident."
White could not immediately answer questions related to the complete lack of sanctions for the TSA employee managing the contract and promised to get back to me after looking into the issue.
For those readers who are not aware, the FBI conducted a 2 a.m. raid of my home back in October 2006, after I created a Web site demonstrating the ease with which passengers could create fake boarding passes. After the FBI dropped its investigation, the TSA investigated me for six months and threatened me with tens of thousands of dollars in civil fines. No charges were ever filed.
I discovered the initial security flaws in TSA's redress Web site, and the congressional investigation is a direct result of a blog post that I wrote in February 2007. I'd be lying if I said that I wasn't grinning from ear to ear with the news of this report.
It's poetic justice, if you will, for the unpleasantness that TSA put me through.
Desyne, the firm that created the Web site, could not be immediately reached for comment.
Why were US airlines able to stop checking IDs at the gate less than a year after 9/11, while European and Asian airlines still to this day check identity documents. Has this resulted in a lower level of flight security in the US? Do US airlines know something the Europeans don't, or do they just have more lobbying power with their government. This blog post analyzes the economic reasons behind the US airlines decision to stop checking IDs, and exposes the fact that US Passenger Name Record (PNR) data is for the most part, unreliable and worthless.
This blog post is a more formal writeup of part of my talk at the IDMAN 07 workshop in Rotterdam yesterday, which goes hand-in-hand with my soon to be published research paper: Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists.
The airlines have designed a complex system of price discrimination for their tickets. This sounds worse than it really is though. Simply put, the airlines try and charge each passenger as much as that passenger will be willing to pay. Students get special discounts, those who plan their trips a few months in advance get cheaper prices, while business travelers purchasing tickets the day before their flight pay through the nose. This is by no means a strategy solely used by the airlines - five cent coffee for the elderly at McDonald's, AAA discounts at hotels, and early bird breakfast specials are all a form of price discrimination.
Seguridad
(Credit: Daquella manera / Flickr)For price discrimination to be effective, the airlines need to restrict the ability of passengers to resell tickets. Otherwise, passengers would resell unwanted tickets on eBay. This system is primarily enforced by requiring passengers to show ID when they check-in. The airlines will not permit someone to fly using a ticket purchased in someone else's name.
Not every passenger has to check-in at an airline counter as print at home boarding passes allow passengers with just carry-on bags to skip the check-in counter at the airport and go straight to the security checkpoint. Luckily for the airlines, the Transportation Security Administration also checks passenger ID, and compares each passenger's identity documents to his or her boarding pass. If your ID and boarding pass do not match, TSA will not let you past their checkpoint.
TSA's ID checks are not enough to make sure that only the "right" people get on airplanes. Two passengers flying to different destinations (domestic or foreign) can swap boarding passes once they've successfully walked through the security checkpoint. A passenger can purchase a fully refundable ticket for a flight to San Francisco, go through security, and then travel to New York on a ticket purchased in someone else's name (after calling up the airline to cancel the first ticket, and get his money back, of course). Finally, passengers can simply refuse to show ID to TSA officials, get patted down at the checkpoint, and then board a flight using a ticket purchased in any name he wishes.
Terrorist Boarding Pass
(Credit: Fred Beneson / Flickr)All of these techniques for evading the name/boarding pass checks are possible primarily because the airlines do not compare a passenger's ID to the name in their computer at the time the passenger boards the flight. This mandatory check was introduced shortly after 9/11, but less than one year later, the airlines had managed to petition the government allow them to stop the checks. The airlines companied that the additional ID checks were expensive and slow to do, and as a result, were causing flights to be late. Compare this to Europe and Asia where pre-boarding ID checks are mandatory in most countries. The European airlines still seem to turn a profit, and are no later than their American peers.
And now for the second economics lessons of the day:
In economics, an externality occurs when a the participants in an economic transaction do not shoulder all of the costs or reap all of the benefits of the transaction. For example, manufacturing that causes air pollution imposes costs on the general public and not just on the manufacturing companies that fill the air with soot.
Now lets apply this new term to the world of airplane tickets and ID. The airlines have designed a complex system of price discrimination for the sale of their tickets in which two passengers sitting next to each other on a flight could have paid vastly different sums for the same ticket. The current system of ID checks is not actually sufficient to restrict the use of airplane tickets to those whose names are printed on them. Furthermore, the airlines in the US are not willing to shoulder the financial cost of enforcing the ID/boarding pass restrictions which would stop people from evading their discriminatory price controls.
An important question that must then be answered is: how is the price discrimination still working? If anyone can get on an airplane on a ticket in someone else's name, and there is such a large difference in the price of tickets between students and businessmen, why are more students not selling their plane tickets on ebay?
The answer to this question comes down to externalities. TSA performs an ID check at the security checkpoint. Anyone showing false ID to a TSA employee is breaking a federal law. Furthermore, attempts to travel with someone else's boarding pass are also potentially illegal - although the law here is a little bit more unclear. TSA's checks, and the threat of federal punishment are enough to stop the vast majority of would-be airline ticket ebayers from attempting to fly on someone else's ticket.
As I mentioned before, there are several methods of evading the ID/boarding pass checks. While these may be illegal, they are all more than likely to lead in a succesful flight for the passenger.
For the airlines, their decision to not check IDs at the gate is simple and logical: The additional staff labor required to check every passenger's ID at the gate would cost more than any revenue lost due to the small minority of passengers who are willing to face federal prosecution for attempting to travel using a ticket purchased in someone else's name. The threat of TSA action against a passenger who bought their ticket from ebay is enough to keep 99% of passengers "honest".
The airlines do not feel the financial need to check ID (and thus enforce their system of price discrimination) because TSA does it for them, albeit in a way that can be evaded by motivated passengers willing to risk legal action.
TSA's Data Vaccum
(Credit: Unsecureflight.com)TSA has made a big deal about acquiring Passenger Name Records (PNRs), the databases of passengers on each flight, and the usefulness of the data in fighting terrorism. This information is especially valuable for passengers coming in from Europe and other parts of the world, as it means TSA or other government agencies can tell an airplane to turn around if we do not like the name of a passenger who is onboard.
The problem with PNR data, is that at least for any flights originating in the US, the data is completely useless. As I've discussed above, there are a handful of ways through which a passenger could get on a flight without the airline (and thus the government) knowing who they are. If the airlines can't be sure who is on their flight, then their passenger data is worthless. For the purposes of giving out frequent flier miles, it is sufficient, but if you want to use the data to search for bad guys, enforce a national dragnet, or create a creepy surveillance state, the data is no good.
How do we fix this?
Personally, I'd prefer to live in a world where records of our travel were not kept, and where people who no longer wished to go to Hawaii for spring break could resell their plane tickets on ebay. However, that is not likely to be the same world in which most of the Homeland Security establishment wish for us to live. As an exercise in system security design, lets at least try and "fix" things in such a way that the US government is able to get an accurate list of who is flying. Furthermore, lets be realitic, and recognize that the airlines have massive political power in Washington DC, and thus we cannot depend on Congress passing a law requiring the airlines to check passenger IDs at time of boarding.
I propose a slightly unconventional solution: TSA should no longer require that passengers have a valid boarding pass to get past the security checkpoint. Just as passengers can currently decline to show ID - and get subjected to a more stringent security search - passengers should equally be able to decline to show a boarding pass. Passengers refusing to show a boarding pass would simply be given the SSSS treatment (a pat down, a carry-on bag search, and perhaps a few questions). Flight security would in no way be put at risk, as TSA would be sure to verify that such passengers would not have any dangerous items on them.
TSA would also need to make it clear that it is not a federal offense to fly on someone else's ticket, and make a public commitment not to harass any passengers for attempting to do so. With such a change in TSA policy, the airlines would not longer be able to depend on TSA enforcing their discriminatory price controls for tickets. TSA's job would be scaled back to making sure that bombs, knives and other weapons are kept off airplanes, and the airlines would then have to shoulder the cost of matching passenger ID to reservations. If faced with the threat of thousands of resold and traded airplane tickets, it is quite likely that the airlines would quickly follow their European peers, and begin to perform checks before flight boarding.
The benefits of such an action, other than a sharp reduction in TSA workload (and thus staffing needs), would be a huge increase in the reliability of airline PNR database records. Simply put, the airlines would then be able to confirm with some accuracy the identities of each passenger on an airplane. For those of you who believe that the government knowing the identify and location of your fellow citizens will make you safer, then such an action by the airlines would result in a safer flying experience. How strange....
Caveat: Passengers using fake ID would still be able to evade the airline's checks, but using a fake ID is already illegal. People willing to do this cannot be stopped by TSA currently.
Homeland security officials seem to have adopted a naive and dangerous standard to detect bombs: Devices sold by major corporations that come packaged in logo-adorned, mass produced containers are perfectly safe, while those made by hobbyists and tinkerers with exposed wires and batteries are potential bombs or at least hoax devices.
The problem with this approach is that in many past cases of successful terrorism, especially those committed by state-sponsored groups, the bombs were actually hidden in fully-functioning mass-market electronic devices: personal stereos and mobile phones. Smart terrorists, the ones we should be trying to thwart, do not walk into an airport with LED lights and a 9-volt battery dangling from their sweatshirt.
This past Friday, MIT sophomore Star Simpson unintentionally caused a gigantic freak-out when she walked into Boston's Logan airport wearing a jacket with a home-made electronics project attached to it. Airport security officials confused the device - a circuit board, a few LED lights, and 9 volt battery - with an improvised explosive device. In a press conference following the incident, state police Maj. Scott Pare said that Simpson is "extremely lucky she followed the instructions or deadly force would have been used. She's lucky to be in a cell as opposed to the morgue."
Star Simpson's panic causing circuit board
(Credit: Lisa Poole/Associated Press)This comes less than a year after police in Boston scrambled bomb-response units around the city after discovering Moonitites (flashing promotional electronic signs) that had been placed by a viral marketing firm advertising a TV show on Cartoon Network. After the brouhaha faded, Turner Networks agreed to donate two million dollars to the city of Boston in compensation. The two men who had installed the signs were initially charged with placing a hoax device to incite panic, but the charges were later dropped after the men agreed to perform community service.
Aqua Teen Hunger Force promotional LED sign
(Credit: Jimmy / Wikipedia Commons)Boston has now rightfully earned itself a reputation as a city that overreacts over the smallest thing. Comparing the reactions by Boston officials, and those of Seattle (where the electronic devices were also placed) clearly demonstrates this.
Massachusetts Attorney General Martha Coakley said the device "had a very sinister appearance. It had a battery behind it, and wires." King County (Seattle) Sheriff's spokesman John Urquhart told members of the press "To us, they're so obviously not suspicious ... We don't consider them dangerous" and that "[i]n this day and age, whenever anything remotely suspicious shows up, people get concerned - and that's good. However, people don't need to be concerned about this. These are cartoon characters giving the finger.
With these two episodes of Chicken Little style overreaction by public officials setting the tone, let us now begin to explore the massively flawed policies adopted, albeit unofficially by homeland security officials: Devices sold by major corporations that come packaged in logo-adorned, mass produced containers are perfectly safe, while those made by hobbyists, tinkerers and electronics nerds with exposed wires and batteries are bombs.
But first, a history lesson:
On December 21, 1988, Pan Am Flight 103 was destroyed by a bomb, and the remains landed in and around the town of Lockerbie, Scotland. The terrorists who constructed the Lockerbie bomb hid a smaller charge of explosives in the power pack of a stereo cassette player, with a barometric fuse (set off by a drop in pressure) and timer hidden behind the tape deck. These were primed to go off at a certain time and altitude. Had anyone checked, the tape deck would have blared out music.
In 2006, Israeli paratroopers raided an explosives lab in the West Bank, discovering teddy bears with wires hanging from them, apparently slated to be used as explosive devices. Presumably, the bomb-makers would seal up the teddy bears to hide the wires before sending them out to be used to kill.
A WWII German Exploding Chocolate Bar
(Credit: M15 History For Schools)Also in 2006, the Shabak, Israel's internal security agency is reported to have assassinated Yahya Ayyash, the chief bomb maker for Hamas. A double-agent within Hamas slipped Ayyash a cellular phone with explosives hidden inside. The fully working telephone was reportedly tracked by Israeli Intelligence, who listened in on conversations and detonated the device when it was up to Yahya's ear.
These are just a few instances of explosives being hidden in innocent looking devices. The CIA is reported to have attempted to kill Castro with an exploding cigar. Furthermore, according to the British MI5 history archive, German intelligence agencies during WWII created hand grenades that were made to look like chocolate bars. The candy's flavor could best be described as explosive.
After that stroll down memory lane, it should be clear that motivated persons, be they terrorist groups, resistance fighters, or state security agencies, can easily package up a bomb so that it looks like a completely innocent object - something sold by a respected company and bought off the shelf from a major retailer. Moreover, in many cases, the shell device containing the bomb can still function - as a mobile phone, a laptop, or a personal stereo.
What this means is that from a risk-analysis perspective, up until the moment someone is searched at the airport security checkpoint, every single passenger is equally likely to have a bomb on them. The laptop being used in an airport Starbucks, the boom-box being carried by a music fan, the carry-on bag with wheels being pulled by a passenger, or the circuit board attached to the sweatshirt of an MIT student are all equally likely to be bombs. The mere fact that one of the items happens to have exposed wires, a few LED lights and a 9-volt battery in no way makes it more likely to be a bomb.
Suspected Terrorist button made famous by John Gilmore
(Credit: Aaron Swartz)Yes, some of the "terrorists" caught over the past few years have been complete idiots. Richard Reid, who was unable to light his own shoe-bomb with matches, and the Glasgow airport bombers come to mind. Our government should not expect that future terrorists will be as stupid. After all, the 9/11 hijackers were willing to go to flight-training school in order to prepare for their attack. Our security policies should be focused at catching the intelligent, well funded and patient attackers, not just the idiots.
Airport security and law enforcement need to radically rewrite their training materials to focus more on actual threats, and not those pictured in episodes of TV's 24. Real terrorists hoping to take down an airplane do not advertise themselves by wearing "Terrorist" buttons and badges, t-shirts with Arabic writing, or with blinking LED lights, exposed wires and a 9-volt battery hanging from their chest. Terrorists, at least the smart ones, will do their very best to try and stay under the radar. And thus, the sad fact is that in focusing on attack-scenarios and bomb designs straight from a Hollywood movie, security officials may very well be diverting manpower away from the real threat: Someone who looks just like you or me.
Attempts to assert your right to fly without ID can often be very frustrating, due to Transportation Security Administration and airport officials not knowing their own rules.
With any luck, this should no longer be an issue because the TSA has, at last, clarified things.
Passengers with tickets for domestic flights are under no obligation to present ID to TSA. Passengers may be required to show ID to airline employees, but that is a contractual matter between the airlines and their passengers. U.S. government employees cannot, however, require you to show ID in order to pass through the security checkpoints.
Poster at Burning Man '06
(Credit: Christopher Soghoian)I have personally flown over a dozen times without showing a single form of ID. A number of others have documented similar success stories. Unfortunately, some TSA employees are not aware of their own rules, and at times, have forced passengers to produce ID. Blogger Jake Appelbaum has documented one such experience. Something similar happened to me earlier this year when TSA agents brought over an airport police officer who then compelled me to produce an ID.
The 9th Circuit Federal Court of Appeals clarified a passenger's right to travel without showing ID in its ruling in Gilmore v. Gonzales. Expecting that a TSA screening agent be able to parse a court opinion is often a losing battle. It is for that reason that I've spent the last few months sending letters back and forth to TSA, via my senator, which at least guarantees a reply. Eventually, I was able to get something from TSA in writing that confirms passengers are able to legally fly without showing ID. For those of you who'd like to give it a shot, print out this letter and take it with you. It should (hopefully) reduce any push-back you get from TSA agents.
For those of you who don't get a kick out of asserting your rights, you may wonder why you would ever want to do this. After all, those passengers who decline to provide ID to TSA will instead be forced to go through an invasive "secondary screening" process--a five-minute-or-so procedure in which passengers are patted down, poked, prodded and have their carry-on bag thoroughly searched by hand.
There is a little known, but extremely useful side effect of refusing to show ID: In many airports, you get bumped to the front of the security line. As illogical as it may seem, you can often get through security faster by refusing or "forgetting" your ID at home than if you followed the normal security process.
So, the next time you fly, use my letter and repeat after me: "I hereby assert my right to fly without showing an identification document to any government official." With any luck, you should get through without any problems, and more than likely, you'll get bumped to the front of the queue. If you get any push-back at all, remember the magic words, "I'd like to speak to a supervisor please."
For further reading on the subject: I have a research paper documenting (and fixing) security flaws in the boarding pass system and no-fly lists that'll be published at the IDMAN workshop in October. A pre-print copy of the paper is available online: Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists. Researchers from MIT analyzed the benefits of racial profiling in airport security back in 2002. I highly recommend their paper, Carnival Booth: An Algorithm for Defeating the Computer-Assisted Passenger Screening System. Bruce Schneier has been talking about airport security flaws for years, and most recently published a must-read interview with TSA chief Kip Hawley.
Letter from TSA
(Credit: Christopher Soghoian)Click to see a full-size copy (pdf).
- prev
- 1
- next
