<<< Date Index >>>     <<< Thread Index >>>

[IP] Airport lockers, fingerprints, and privacy -- more details, questions [priv]



------ Forwarded Message
From: Declan McCullagh <declan@xxxxxxxx>
Date: Wed, 02 Mar 2005 23:12:11 -0500
To: <politech@xxxxxxxxxxxxxxx>
Subject: [Politech] Airport lockers, fingerprints, and privacy -- more
details, questions [priv]





-------- Original Message --------
Subject: Airport lockers
Date: Wed, 2 Mar 2005 16:07:55 -0500
From: Larry Abramson <LAbramson@xxxxxxx>
To: 'declan@xxxxxxxx' <declan@xxxxxxxx>

Declan: here's added info. on the airport locker question from an industry
trade journal.  It does not answer your question, but does explain that the
technology was a response to TSA's ban on traditional locker technology
after 9/11.

Pointing the finger
True to form, Smarte Carte set its engineers to work incorporating a
biometric device into their Smarte Locke electronic locker product that
would vastly decrease the security risks associated with airport lockers.
The device scans the customer's fingerprint and uses it to open the locker.
This highly secure method ensures that the person who rented the locker is
the person who retrieves its contents.
Since the lockers are monitored electronically from a remote location, the
company can lock down all the doors at once if an emergency arises.
Similarly, if there was a need to get into them (a bomb scare, for
instance), Smarte Carte can open all the doors at once to give security
access. "There's a lot of functionality to it," Rudis said. "We create a
record of every time someone has accessed those lockers."


Larry Abramson, NPR






-------- Original Message --------
Subject: Re: [Politech] Some airport lockers now require fingerprints?
[priv]
Date: Wed, 2 Mar 2005 08:04:42 -0500
From: Marc Rotenberg <rotenberg@xxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>
CC: Melissa Ngo <melissa.ngo@xxxxxxxxx>
References: <42255E38.6000503@xxxxxxxx>

Declan -

The answer to the question what is the future of digitized fingerprints
may be with the proposed office of "Screening Coordination and
Operations." Hearing today:

 Mar 02, 05
 
 Subcommittee on Economic Security, Infrastructure Protection,
 and Cybersecurity:  Wednesday, 2:00PM - Proposed FY 2006
 Budget: Integrating Homeland Security Screening Operations
 
 Where: 2318 Rayburn House Office Building

 From EPIC Web site.

 EPIC Urges Scrutiny of Proposed Federal Profiling Agency
 
 In a letter (pdf)  to a House subcommittee, EPIC urged careful
 scrutiny of the Department of Homeland  Security's proposed
 Office  of Screening Coordination and Operations. This office
 would oversee vast databases of digital fingerprints and
 photographs, eye scans and personal information from millions
 of American citizens and  lawful foreign visitors. Homeland
 Security has announced  that the office's  operations would be
 conducted in a manner that safeguards  civil liberties, but
 the agency has not yet explained  how it proposes to protect
 privacy rights or ensure accountability. For more information,
 visit EPIC's U.S.  Domestic Spending on Surveillance Page.
 (Mar. 1)

EPIC Letter on Office of Screening Coordination and Operations, March
1, 2005
http://www.epic.org/privacy/budget/fy2006/sco_letter.pdf

EPIC Domestic Spending on Surveillance Page
http://www.epic.org/privacy/budget/fy2006/





-------- Original Message --------
Subject: Re: [Politech] Some airport lockers now require fingerprints?
[priv]
Date: Tue, 1 Mar 2005 23:43:48 -0800
From: mis@xxxxxxxxxx
To: Declan McCullagh <declan@xxxxxxxx>, kaserkes@xxxxxxxxxxxxxxxx
CC: politech@xxxxxxxxxxxxxxx
References: <42255E38.6000503@xxxxxxxx>

these are made by smarte carte (who filed chapter 11 on 2/11/05;
maybe choicepoint will bail them out by buying their database.)

smarte carte is using the sensors from digital persona, which is also
the provider of the standalone microsoft fingerprint product.

according to
http://www.findarticles.com/p/articles/mi_zdbln/is_200210/ai_ziff32163

"The sensors take a digital snapshot of a finger and store it on a
database connected to a Windows OS. When the customer returns to the
locker, they put the same finger on the sensor to open the locker. The
lockers are monitored through a LAN connection to Smarte Carte's
central office. At any time, the company could open one or all of the
lockers remotely for inspection."

the privacy policy for the airport lockers appears nowhere on the
smartecarte.com web site.






-------- Original Message --------
Subject: Re: [Politech] Some airport lockers now require fingerprints?
[priv]
Date: Wed, 02 Mar 2005 10:35:44 -0800
From: Alan Thompson <alan@xxxxxxxxxxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>
References: <42255E38.6000503@xxxxxxxx>

Typically, the fingerprint image is stored on flash RAM locally only
(attached to the reader), but they can be transferred to another source
of course, if the readers are networked.  Who knows if they are or not.

--alan




-------- Original Message --------
Subject: Re: [Politech] Some airport lockers now require fingerprints?
[priv]
Date: Wed, 2 Mar 2005 09:26:39 -0500
From: J.D. Abolins <jabolins@xxxxxxxxxxxxxxx>
Reply-To: jabolins@xxxxxxxxxxxxxxx
Organization: Meyda Online
To: Declan McCullagh <declan@xxxxxxxx>
CC: kathryn serkes <kaserkes@xxxxxxxxxxxxxxxx>,        Grayson Barber
<gb@xxxxxxxxxxxxxxxxx>,        "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
References: <42255E38.6000503@xxxxxxxx>

Declan, thank you for the good privacy observations. Kathryn, thank
for sharing that information about the lockers.

The digitized prints might be obtainable by federal investigators
under section 215 of the USA PATRIOT Act already without the
traditional warrants. I doubt that the airport locker services will
follow in the footsteps of many US libraries and wipe the records
after the customer is done with the locker and the payment has been
received.

I am curious about the scanning method for the locker's printing. From
the description in this thread, it seems that the fingerprints are
electronically scanned by a kiosk system. Are the prints stored as
templates or images? There are different privacy implications in the
biometric approaches. The more privacy supportive template approach
would work for matching the person when reopening the locker. (For
more detailed information, check the International Biometrics Group's
reports and research section for their biometrics & privacy studies
at http://www.biometricgroup.com/reports/public/privacy_reports.html)

 >From a security viewpoint, this fingerprinting system as described
appears to have very little value for preventing terrorist attacks.

If the fingerprint data is checked against fingerprint databases,
including those with prints lifted from raided terrorist camps and
safe houses, the "bad guys" can easily shift to using unwitting dupes
or recruits who aren't likely to be in the databases as terrorism
suspects. Providing the print data is stored away from the lockers
(and, thus, not destroyed in an attack), the info would serve a
posthumous, so to say, resource for investigations. But the attack
would not have been prevented.

I am wondering if the locker facilities have a human attendant
checking to see the printing process or if this is an automated
system. If unattended (or if the attendant isn't attentive), who's to
say whose prints are taken? A customer could attempt a "Gummi
Fingers" workaround or place a companion's finger(s) on the pad.

By the way, the lockers could raise an Americans with Disability issue
if there is no alternative way to get a locker if one is not
printable. (E.g.; missing all fingers, lacking both hands, or having
skin conditions hampering printing.) I can see a scenario where a
attendant, if one is present, or a bystander helps out the fingerless
person by offering a "helping finger". Then, when the unprintable
person returns for the items, the locker won't open because the
helper is no longer available.

One possible counterterrorism use of the printing might be for having
a biometric piece of evidence if the locker is not used for a direct
attack but for temporary stowage of materials for later terrorist
use.

Otherwise, it is most likely that the biggest uses of the system for
investigations might be matching the prints matching to connect the
customer to the use of the locker if sniffer dogs detect contraband
such as drugs. This doesn't mean necessarily that the stored print
data would be readily useable against fingerprint databases. Much
depends upon the way the prints are scanned and data is stored. But
it may be possible to better connected a suspect being questions to
the locker. (Suspect: "Man, that wasn't my pot in the locker. I
didn't even use that locker!" Police: "Then why is it that your
prints match that locker's finger scan?")

J.D. Abolins







Hi Declan,

How about a vending machine right next to the locker that dispenses
finger covers - each with a unique and random print?  Better yet -
designer finger print covers with prints from Britney Spears, President
George Bush, or the Pope?

-- Anonymous







-------- Original Message --------
Subject: Re: Some airport lockers now require fingerprints?
Date: Wed, 02 Mar 2005 15:35:11 +0000
From: Douglas Campbell <drcampbell@xxxxxxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>

Now maybe I'm no expert on the use of explosives, but I do have enough
background in engineering & science to pose this question about security
nitwits having removed luggage lockers from airports in the first place:

You're a terrorist bent on causing many casualties.  Where should you
place a suitcase bomb?
A) Out in the open where the maximum number of people will be exposed to
its blast
B) In a strong steel box which will confine much of the blast energy

  - - -

When I die, bury me in Chicago so I can keep voting.

Douglas Campbell, P.E.
The Green Party's first candidate for Governor of Michigan

335 e. Lewiston
Ferndale, Michigan  48220-1356
42° 27' 52" N  -  83° 8' 5" W

DrCampbell@xxxxxxxxxxxx
(248) 542-5216







-------- Original Message --------
Subject: re: [Politech] Some airport lockers now require fingerprints?
[priv]
Date: Wed, 02 Mar 2005 08:55:35 -0800
From: Jack Kriz <jack@xxxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>

And what happens to the electronic signatures one inputs at some
credit/debit card transactions, UPS, and FedEx? Can some hacker get those
and start charging on a stolen card with an authentic looking signature?
Jack Kriz






_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)


------ End of Forwarded Message


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/