You’ve seen the flap recently because a student, to demonstrate the fairly well discussed airport security flaw involving the ease forgeability of boarding passes, created a web site where you could easily create a fake Northwest boarding pass. Congressman Markey even called for the student’s arrest, then apologized, but in the meantime the FBI raided his house and took his stuff.
As noted, this flaw has been discussed for some time. I certainly saw it the first time I was able to print my own boarding pass. However, it’s not really limited to print-at-home boarding passes, and it’s a shame the likely reaction to this will be to disable that highly convenient service. Airline issued boarding passes are just thicker paper. I don’t see it being particularly difficult with modern colour printers — which are able to pull off passable money given the right paper — to produce good airline printed boarding passes.
It’s possible the reaction to this will be to simpy add a gate ID check for people with home printed boarding passes, which will at least retain those passes without slowing down the boarding process even more, but it doesn’t actually fix the problem.
The current system of easy to forge boarding passes, combined with ID check at TSA security and boarding pass check at the gate, has the following flaws:
- You can, as noted, fly if you are on the no-fly list with no problems. If I were named David Nelson I would consider it.
- You can bypass the selectee system, where they print SSSS on your boarding pass to mark you for “full service” searching. (I’ve been told an additional stamp is placed on your boarding pass after the search, you need to forge this too.)
- You can transfer your ticket to another person without telling the airline or paying them. You also earn flyer miles even though somebody else got on the plane
- It allows people to enter the gate area who aren’t actually flying. This is not a big security risk, but it slows down the security line. You don’t want to miss your flight because people slowed down the line to meet their friends at the gate.
Some airports have the TSA ID-checker put a a stamp on the boarding pass. However, this is also not particularly difficult to forge. Just have somebody go through once to get today’s stamp, have them come back out and now you can forge it.
The simplest answer is to have ID check at the gate. This slows boarding, however, which is bad enough as it is. The hard answer is to have unforgeable boarding passes or an unforgeable stamp or non-removable sticker at TSA.
Probably the best solution is that the TSA station be equipped with an electronic boarding pass reader which can read the barcodes on all types of boarding passes, which themselves must be cryptographically secure. Then the name printed on the pass becomes unimportant, except so you can tell yours from your companion’s. The scanner would scan the pass, and display the name of the passenger on the screen, which could then be compared to the ID.
Sadly, I fear this suggestion would go further, and the full panopticon-enabled system would display the photo of the passenger on the screen — no need to show your ID at all.
Though mind you, if we didn’t have the no-fly-list concept, one could actually develop a more privacy enhancing system with photos. When you bought your ticket, if you didn’t care about FF miles, you would provide a photo of the passenger, not their name or anything else about them. The photo would be tied to the boarding record. To go through security or board the aircraft, you would present the boarding pass number or bar-code, and TSA, gate and luggage check agents would see your photo, and pass you through. The photo confirms that the person pictured has a valid ticket. This meets most of the goals of the current system, except for these:
- It doesn’t allow a no-fly-list. But the no-fly-list is bad security. Only random screening is good security
- It doesn’t allow gathering marketing data on passengers. But the frequent flyer system does.
- It doesn’t allow the airline to generate a list of dead passengers in the event of a crash.
As noted, the marketing data goal is met by the FF program. It would be possible, by the way to build a fairly private FF program where you don’t give your name or address for the program. You just create an FF account online, and get a password, and you can place a picture in it and associate it with flights. You can then redeem flights from it, all online. But I doubt the airlines will rush to do this, they love selling data about you.
The dead-passenger problem can be solved to some degree. They would have, after all, pictures of all the passengers so they could be identified by people who know them. In a pinch, identity could also be escrowed, with the escrow agency requiring proof of the death of the passenger before revealing their identity. That’s pretty complex.
There’s no good way to solve the no-fly-list problem unless you have credible face recognition software. Even that wouldn’t work because it’s not hard to modify a photo to screw up what the face recognition software is looking for but still have it look like you. But frankly the no-fly-list is bad security and it’s not a bug that it doesn’t work in this system.