20/10/2008 – TSA Rolls Out PDA Based Boarding Pass : A Security Double Standard
When a flyer downloads the boarding pass to their PDA, the electronic boarding pass displays an encrypted bar code that contains the passengers basic travel information. This information includes the passenger’s name and flight information. When the flyer approaches the TSA travel document checker (TDC) the PDA based boarding pass is electronically scanned by a hand-held scanner. The information displayed on the hand-held scanner is then verified against the flyers valid photo identification.
With the ability to create, and alter, boarding passes printed at home (or at the hotel), changing a passengers name to bypass security measures is very easy to accomplish. Shouldn’t all boarding passes have this 2-dimensional encrypted barcode?
If a potential flyer is on the ‘No Fly’ list, who is a legitimate threat to national security, really wants to fly, they will purchase a ticket in the name of someone who is not on the ‘No Fly’ list.
Once this ‘threat’ has purchased the ticket they will check in online, and get to the print page. Once at the print page they’ll create a PDF and import the PDF into Photoshop. In Photoshop they will change the name on the boarding pass to their name. With their name on the boarding pass they can walk up to the TSA’s TDC with their legal legitimate photo identification and the forged boarding pass. The names will match and they’ll be on their way. Once at the gate they use a non-forged boarding pass and they board the plane.
……….no I am not giving away national security secrets here. What I am discussing is information that the Department of Homeland Security is well aware of.
By implementing a bar-code scanning system through the TSA’s travel document checking system it would be extremely difficult to bypass the security measures in place. The system of checking encrypted boarding passes should not be limited to the use of PDA boarding passes at a total of 8 airport checkpoints.
This system is not at 8 airports, but at 8 airport checkpoints, specific to certain airlines. New York’s LaGuardia Airport (LGA) for example has approximately 9 TSA check points. The PDA boarding pass program however is only available at one single checkpoint. You can only use the PDA boarding pass in the Delta/Northwest Terminal, and only if you are flying on Delta Airlines (not Northwest Airlines).
We need a secure system to keep a nation in transit safe. A system of positively checking boarding passes should be in place not only in the United States by around the world. A secure system of boarding pass verification should be in place not only at major airports, but at minor airports as well.
Why minor airports? Because if you seek to do harm and strike fear into the hearts and minds of the flying public, you won’t risk dealing with security at a major airport such as Philadelphia International Airport (PHL). To make your job easier, you’ll board your flight at a small regional airport such as New Haven (HVN), which is easier to pass through and connect to a full-loaded transcontinental or transatlantic flight out of PHL.
Checking photo identification against a piece of paper that cannot be verified is a waste of resources. Dealing with 21st century threats with mid-20th century technology is not staying one-step ahead of the threat. Current security measures react to past threats rather than looking forward towards new threats.
Having encrypted bar codes on all boarding passes is a 21st century answer to a 21st century threat and it should not be limited to an extremely small number of travelers who chose to use their PDA rather than a paper boarding pass.