A bill making its way through Congress called the TSA Modernization Act would water down the role of biometric authentication and vetting of travelers who enroll in the TSA PreCheck program, and it has attracted the ire of the International Biometrics + Identity Association. Now the trade group is calling on U.S. federal lawmakers to consider the security and privacy risks of such a change to the traveler vetting process.
In general, using biometric authentication to vet frequent travelers assures more security and privacy of such data, the trade group says
The bill, S. 1872, goes by the title “TSA Modernization Act.” Sponsored by South Dakota Rep. Sen. John Thune, it seeks to, among other things, allow the vetting of applications to the PreCheck program via “means other than biometrics.” It requires that those means meet such criteria as being certified by the U.S. Department of Homeland Security and conform to “the definition of a qualified anti-terrorism technology under section 865 of the Homeland Security Act of 2002,” according to a text of the bill from Congress.gov. Travelers applying for the PreCheck program, which speeds people through airport security lines, give their fingerprints as part of the application and traveler vetting process.
TSA Modernization Act questions whether travel is safer with biometrics
That’s the part that has raised eyebrows at the International Biometrics + Identity Association. In general, using biometric authentication to vet frequent travelers assures more security and privacy of such data, says Tovah LaDier, the trade group’s managing director. “There are a number of reasons why a biometric database is not subject to hacking like a database that contains valuable biographic information,” she says. “The latter is valuable for selling the data, identity theft etc. Hacking a biometric database does not provide much of value, only a template of fingerprint images that is not easily usable, if at all.”
She says the fingerprint database used for biometric authentication of frequent travelers meets the “stringent” standards employed by the FBI, and offers better security than commercial databases—a point she amplifies by mentioning the recent Equifax data breach. “The database is maintained by the FBI under stringent security, privacy, and cyber-security measures and, as far as we know, has not been subject to hacking,” she says. “IBIA research (shows) that the true match rate of fingerprint-based background checks by the FBI is 99.6 percent using the FBI’s Next Generation Identification database, whereas there is no public information that name-based biographic background checks have an accuracy rate remotely close and, indeed, no there is no data at all.”
The TSA Modernization Act remains in the U.S. Senate Committee on Commerce, Science and Transportation. The trade group does not object to the entire bill, LaDier says. “IBIA is not interested in stopping the bill,” she says. “There are many good provisions in it. Also, IBIA supports the enrollment targets and increased marketing provisions included in the PreCheck section.”
The group simply objects to the potential removal of biometrics from the TSA PreCheck program.