-------- Original Message -------- Subject: Airport lockers Date: Wed, 2 Mar 2005 16:07:55 -0500 From: Larry Abramson <LAbramson@private> To: 'declan@private' <declan@private> Declan: here's added info. on the airport locker question from an industry trade journal. It does not answer your question, but does explain that the technology was a response to TSA's ban on traditional locker technology after 9/11. Pointing the finger True to form, Smarte Carte set its engineers to work incorporating a biometric device into their Smarte Locke electronic locker product that would vastly decrease the security risks associated with airport lockers. The device scans the customer's fingerprint and uses it to open the locker. This highly secure method ensures that the person who rented the locker is the person who retrieves its contents. Since the lockers are monitored electronically from a remote location, the company can lock down all the doors at once if an emergency arises. Similarly, if there was a need to get into them (a bomb scare, for instance), Smarte Carte can open all the doors at once to give security access. "There's a lot of functionality to it," Rudis said. "We create a record of every time someone has accessed those lockers." Larry Abramson, NPR -------- Original Message -------- Subject: Re: [Politech] Some airport lockers now require fingerprints? [priv] Date: Wed, 2 Mar 2005 08:04:42 -0500 From: Marc Rotenberg <rotenberg@private> To: Declan McCullagh <declan@private> CC: Melissa Ngo <melissa.ngo@private> References: <42255E38.6000503@private> Declan - The answer to the question what is the future of digitized fingerprints may be with the proposed office of "Screening Coordination and Operations." Hearing today: Mar 02, 05 Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity: Wednesday, 2:00PM - Proposed FY 2006 Budget: Integrating Homeland Security Screening Operations Where: 2318 Rayburn House Office Building From EPIC Web site. EPIC Urges Scrutiny of Proposed Federal Profiling Agency In a letter (pdf) to a House subcommittee, EPIC urged careful scrutiny of the Department of Homeland Security's proposed Office of Screening Coordination and Operations. This office would oversee vast databases of digital fingerprints and photographs, eye scans and personal information from millions of American citizens and lawful foreign visitors. Homeland Security has announced that the office's operations would be conducted in a manner that safeguards civil liberties, but the agency has not yet explained how it proposes to protect privacy rights or ensure accountability. For more information, visit EPIC's U.S. Domestic Spending on Surveillance Page. (Mar. 1) EPIC Letter on Office of Screening Coordination and Operations, March 1, 2005 http://www.epic.org/privacy/budget/fy2006/sco_letter.pdf EPIC Domestic Spending on Surveillance Page http://www.epic.org/privacy/budget/fy2006/ -------- Original Message -------- Subject: Re: [Politech] Some airport lockers now require fingerprints? [priv] Date: Tue, 1 Mar 2005 23:43:48 -0800 From: mis@private To: Declan McCullagh <declan@private>, kaserkes@private CC: politech@private References: <42255E38.6000503@private> these are made by smarte carte (who filed chapter 11 on 2/11/05; maybe choicepoint will bail them out by buying their database.) smarte carte is using the sensors from digital persona, which is also the provider of the standalone microsoft fingerprint product. according to http://www.findarticles.com/p/articles/mi_zdbln/is_200210/ai_ziff32163 "The sensors take a digital snapshot of a finger and store it on a database connected to a Windows OS. When the customer returns to the locker, they put the same finger on the sensor to open the locker. The lockers are monitored through a LAN connection to Smarte Carte's central office. At any time, the company could open one or all of the lockers remotely for inspection." the privacy policy for the airport lockers appears nowhere on the smartecarte.com web site. -------- Original Message -------- Subject: Re: [Politech] Some airport lockers now require fingerprints? [priv] Date: Wed, 02 Mar 2005 10:35:44 -0800 From: Alan Thompson <alan@private> To: Declan McCullagh <declan@private> References: <42255E38.6000503@private> Typically, the fingerprint image is stored on flash RAM locally only (attached to the reader), but they can be transferred to another source of course, if the readers are networked. Who knows if they are or not. --alan -------- Original Message -------- Subject: Re: [Politech] Some airport lockers now require fingerprints? [priv] Date: Wed, 2 Mar 2005 09:26:39 -0500 From: J.D. Abolins <jabolins@private> Reply-To: jabolins@private Organization: Meyda Online To: Declan McCullagh <declan@private> CC: kathryn serkes <kaserkes@private>, Grayson Barber <gb@private>, "Richard M. Smith" <rms@private> References: <42255E38.6000503@private> Declan, thank you for the good privacy observations. Kathryn, thank for sharing that information about the lockers. The digitized prints might be obtainable by federal investigators under section 215 of the USA PATRIOT Act already without the traditional warrants. I doubt that the airport locker services will follow in the footsteps of many US libraries and wipe the records after the customer is done with the locker and the payment has been received. I am curious about the scanning method for the locker's printing. From the description in this thread, it seems that the fingerprints are electronically scanned by a kiosk system. Are the prints stored as templates or images? There are different privacy implications in the biometric approaches. The more privacy supportive template approach would work for matching the person when reopening the locker. (For more detailed information, check the International Biometrics Group's reports and research section for their biometrics & privacy studies at http://www.biometricgroup.com/reports/public/privacy_reports.html) >From a security viewpoint, this fingerprinting system as described appears to have very little value for preventing terrorist attacks. If the fingerprint data is checked against fingerprint databases, including those with prints lifted from raided terrorist camps and safe houses, the "bad guys" can easily shift to using unwitting dupes or recruits who aren't likely to be in the databases as terrorism suspects. Providing the print data is stored away from the lockers (and, thus, not destroyed in an attack), the info would serve a posthumous, so to say, resource for investigations. But the attack would not have been prevented. I am wondering if the locker facilities have a human attendant checking to see the printing process or if this is an automated system. If unattended (or if the attendant isn't attentive), who's to say whose prints are taken? A customer could attempt a "Gummi Fingers" workaround or place a companion's finger(s) on the pad. By the way, the lockers could raise an Americans with Disability issue if there is no alternative way to get a locker if one is not printable. (E.g.; missing all fingers, lacking both hands, or having skin conditions hampering printing.) I can see a scenario where a attendant, if one is present, or a bystander helps out the fingerless person by offering a "helping finger". Then, when the unprintable person returns for the items, the locker won't open because the helper is no longer available. One possible counterterrorism use of the printing might be for having a biometric piece of evidence if the locker is not used for a direct attack but for temporary stowage of materials for later terrorist use. Otherwise, it is most likely that the biggest uses of the system for investigations might be matching the prints matching to connect the customer to the use of the locker if sniffer dogs detect contraband such as drugs. This doesn't mean necessarily that the stored print data would be readily useable against fingerprint databases. Much depends upon the way the prints are scanned and data is stored. But it may be possible to better connected a suspect being questions to the locker. (Suspect: "Man, that wasn't my pot in the locker. I didn't even use that locker!" Police: "Then why is it that your prints match that locker's finger scan?") J.D. Abolins Hi Declan, How about a vending machine right next to the locker that dispenses finger covers - each with a unique and random print? Better yet - designer finger print covers with prints from Britney Spears, President George Bush, or the Pope? -- Anonymous -------- Original Message -------- Subject: Re: Some airport lockers now require fingerprints? Date: Wed, 02 Mar 2005 15:35:11 +0000 From: Douglas Campbell <drcampbell@private> To: Declan McCullagh <declan@private> Now maybe I'm no expert on the use of explosives, but I do have enough background in engineering & science to pose this question about security nitwits having removed luggage lockers from airports in the first place: You're a terrorist bent on causing many casualties. Where should you place a suitcase bomb? A) Out in the open where the maximum number of people will be exposed to its blast B) In a strong steel box which will confine much of the blast energy - - - When I die, bury me in Chicago so I can keep voting. Douglas Campbell, P.E. The Green Party's first candidate for Governor of Michigan 335 e. Lewiston Ferndale, Michigan 48220-1356 42° 27' 52" N - 83° 8' 5" W DrCampbell@private (248) 542-5216 -------- Original Message -------- Subject: re: [Politech] Some airport lockers now require fingerprints? [priv] Date: Wed, 02 Mar 2005 08:55:35 -0800 From: Jack Kriz <jack@private> To: Declan McCullagh <declan@private> And what happens to the electronic signatures one inputs at some credit/debit card transactions, UPS, and FedEx? Can some hacker get those and start charging on a stolen card with an authentic looking signature? Jack Kriz _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Wed Mar 02 2005 - 20:49:37 PST