> The main reason for the TSA to outsource the questioning of travelers and scoring of answers is to evade the rules applicable to collection and use of personal data by Federal agencies. … The nominal “fly/no-fly” decision will still be made by the TSA, not the contractor. But that “decision” will be a rubber-stamp approval or disapproval based solely on whether the app shows a “pass” or “fail” score, or whether the would-be traveler doesn’t have a suitable smartphone or is otherwise unable or unwilling to complete the app-based process.
You hear the drug trade is really lucrative but you're not allowed to sell drugs, so you send your money to a contractor that sells drugs, they give you more money back, and you technically haven't "sold drugs."
Somehow, thinking breaks down at the boundary between systems, because inexplicably the constraints or guarantees of the consuming system do not propagate to the providing system.
TSA could and should be (made) identity-agnostic, with its mandate to protect vehicles and occupants. Immigration is what should care about the individual that's being allowed into the country.
You just had your servers hacked into and all your database are belong to them. The black hats demand X number of BitCoins as ransom, but you cannot pay because it violates certain laws. So you hire an intermediary who pays for you, thereby avoiding the legal problem.
"You hear the drug trade is really lucrative but you're not allowed to sell drugs, so you send your money to a contractor that sells drugs, they give you more money back, and you technically haven't "sold drugs.""
Bureaucratic policies do not specify what is ethically or legally permissible, they specify how an organization has decided to do things.
Contracting with an outside organization whose policies are more suited to the task at hand is usually easier than refactoring the bureaucracy you live in.
Not always. For things that matter, government is perfectly capable of instituting harsh penalties for trying to game the system and boundaries between systems ( check sanctions and OFAC regulations with their strict liability; no messing around, the end result is what matters ). I am certainly not suggesting they should do it the same in TSA, but it is more of an indication that flying is not an issue here.
"A traveler who shows up at a TSA checkpoint would, it appears, be told they have to install the mobile app, pay a fee through the app (which presumably would require a credit or debit card or bank account), complete the in-app questioning, and show a “pass” result from the app to the TSA staff or contractors in order to “complete screening” and proceed through the checkpoint."
Install an app that does god only knows what on your cell. Hard pass. I keep debating just downgrading to a dumb phone, but something always stops me ( right now it is playing with Pinephone ).
This, naturally, does not change the actual outcome ( can't fly without complying with TSA demands ), but I thankfully do not fly a lot these days.
Most people don't fly a lot these days... That's still not an excuse for allowing TSA expansion of authority beyond that which is reasonably essential for their function.
Do you simply show your phone screen to them? Seems like a bit of a security flaw, given that I can just mock up a “pass” screen and show it to the TSA agent, no?
Why not use a double phone? I’m afraid you need a bit of cash to afford privacy, but you can use a cheap smartphone to install this app, then put it in a Faraday cage throughout your travels. Basically a travel-only phone.
Right, the people who still don't allow you to board with an excess ounce of water or makeup suddenly care about making air travel a pleasant experience.
It is somewhat depressing to watch American Graffiti, or for that matter Soviet movies, and see people just going out to the boarding stairs and getting on the plane like they would a bus.
So according to the request for information[1], it looks like the TSA wants a system that can validate an identity exists (given name, date of birth, address, phone number) and that the identity belongs to the person using the app. The first part looks pretty trivial, given the enormous corpus of databases out there (credit reports, public records, etc.), but what about the second part? Presumably you'd need some sort of database linking identities to photos, and validate that photo against the user's selfie or something. The question is, where would that photo database come from? State DMVs? If your photo is in the DMV database, wouldn't that also mean you have a driver's license, and therefore could use that rather than the app? What's preventing someone from impersonating someone else by scraping the internet for "similar" faces to their own, finding the associated id, and claiming that they're that person?
Record linkage and master data management are far from trivial. In any large number of people there will be enough duplicate values and data errors to cause a large number of false positive and false negative matches. We deal with this constantly in the healthcare industry because patient records arrive from a variety of different sources and there is no single reliable source of truth. A sophisticated matching algorithm can do fairly well but it's impossible to achieve 100% accuracy.
> If your photo is in the DMV database, wouldn't that also mean you have a drivers license, and therefore could use that rather than the app
Perhaps today, but if the REAL ID rules ever actually kick in, just having a driver's license won't necessarily be enough. It got pushed back from an Oct start date to some unspecified future date.
There's been some press about this, but when these rules do go into effect, I suspect there will be stories about people that have trouble taking their flight.
I think the TSA's theory is that if you can answer questions about the data in the Accurint record about person X correctly (i.e. your answers match the Accurint record, even if it is erroneous), you must be person X. That's the essential assumption behind the current IVCC scheme, except that it is operated by the TSA rather than a contractor.
Most DMVs feed photo data to law enforcement. There are also vendors who slurp up or facilitate the slurping of social media profiles.
Also don’t assume that this is preventative. End of the day, the point of this stuff is to leave breadcrumbs behind. In the process, they’ll hassle a few former felons or brown people with beards.
> If your photo is in the DMV database, wouldn't that also mean you have a drivers license, and therefore could use that rather than the app
The only time I've encountered the current system for folks without ID was when I was at the airport and realized that my driver's license was in my yoga bag at home. I got offered to go through the current process.
I once tried to rely on a mobile boarding pass to get through security. The process required Internet access, and I wasn't able to pull it up.
It wasn't until I was on the other side of security (via a paper pass) that I realized the airport WiFi was falsifying DNS results, and that was preventing me from pulling up the pass on the mobile device. But handling "DNS server is reachable but being actively man-in-the-middled" wasn't a code path the developer had thought of (I know I wouldn't have…). I needed to open a browser and agree to some inane ToS or watch an ad, or something, before I could get unadulterated Internet access.
Sorry, but where have you been for the last decade? This is how every free WiFi I've used all around the world has ever worked. It's not specific to airports.
I really like that I can add boarding passes to Apple Wallet and they're available totally offline. There's not a lot Wallet is good for (adoption is too low) but it's great at Boarding Passes.
I think that the only reason to use airport wi-fi is when you arrive from abroad and don't have a local SIM card yet, and your existing SIM card is for a plan that does not provide data roaming.
Otherwise, the mobile internet is vastly superior. It's even superior when it's the slow and expensive international roaming data plan. Airport's wi-fi can end up equally or more expensive and slow; I tried, both in Europe and in the US.
For non-US folks who are wondering what Real ID is, and why this site seems to hate it so much: the United States is best considered in the context of the European Union but with US internal politics regarding data sharing between the federation and its member states.
There are fifty member states with full privileges and around ten member states with reduced privileges.
The federation issues government IDs in two ways.
First, the federation government issues federation IDs in the form of passports. These are accepted as proof of identity only, and grant no additional privileges beyond proof of residency within the federation.
Second, each member state issues their own photo IDs following their own independent processes. These are neither proof of citizenship to the federation’s border control, nor to other countries, and data sharing agreements historically did not exist between the states and the federation.
The member states of the EU issue passports as the state ID card, and requires each member state to accept those passports as approximately equal to their own for most intents and purposes. The US federation also requires its member states to accept both any member state IDs and also federation passports.
“RealID” is an effort by the federation to be able to determine from your state ID card whether you are a federation member. It defines a minimum burden of proof of citizenship that states must require and verify, and presumably share with the federation, in order to issue an ID card with a federation membership indicator. For political reasons, many member states and many citizens do not believe it is appropriate for the federation to make this demand of the member states. I believe this is in contrast to the EU, where data sharing between authorities of member states regarding federation passports is required by the foundation, but I’m not 100% certain.
I hope this helps. Please treat this as a teaching example and do not make immigration, travel, taxation, or citizenship decisions based on it. I am not your lawyer.
Just a minor nitpick: A US Passport is more than proof of residency. It’s proof of citizenship. When you get a job in the US, your employer needs to check your citizenship. A passport alone does the trick. Otherwise, you need both an ID and some other proof of your right to work, like a birth certificate (birthright citizenship), naturalization card, or a work permit of some kind from the US government (green card and such).
This will be a disaster as is usually the case with government outsourcing duties to the less qualified private sector. Surely there must be a "law" named after this by now.
Realid itself is a clusterfuck. I tried to get a driver's license with it. Presented all the paperwork. Was told my signed lease was not acceptable proof of residence and that it would be impossible. I'd have to get a regular driver's license or come back at a later time, pay again and more this time for a second license. Fuck that. What a clusterfuck of stupidity. I'll try again when it renews, assuming the pandemic in the US is completely done. Or not. It's just a fact of life that to fly from state to state, one needs to carry a passport now. In a "free" country. How ridiculous.
The reason you can fly without any ID (even today - try it) is that feds cannot stop citizens from freely moving in the country (see multiple filings from TSA in various cases, incl, for example, Gilmore v. Gonzales). They do not like acknowledging this but you can do it. The procedure is secret and they refuse to explain it (even to the court), but you can do it. I've done it just to see how it would go a few times. It works. You do need to press them on it a bit.
This fee approach will not work for the same reason: it is an impediment to free movement (fee).
You need to be prepared for this by arriving at the airport with plenty of time. They will not be in a hurry to help someone with no identification.
I flew without ID in Dec 2019 within the USA. I forgot both my wallet with my (non-REAL) ID, and my phone (which is a Nokia dumb phone), at home and didn't realize till after the long car ride to the airport. There was no time to go back home.
We tried flying anyway. They pulled me off to the side in the security line and called up someone they said was in Washington DC. The local TSA said the DC people would do a search into my life and who I claimed to be. They then asked me a series of questions about buildings (i.e., a church) near where I lived, the university I went to, my father's birthday, etc. I passed despite not knowing quite a bit about my own life and they let me on the plane. But with an escort through all the security screening section.
It was nerve wracking the entire trip not knowing if I'd be able to fly home. The same process was repeated but again I answered to their satisfaction and was able to fly. I don't recommend doing this intentionally.
"The procedure is secret and they refuse to explain it (even to the court), but you can do it."
I think you're overblowing this ... as it is neither secret nor unexplainable. Any ticket agent at any airport knows exactly how to process a frantic ( mom + 2 kids ) who forgot her ID at home and the flight leaves in 75 mins.
The ticket agents, the security personnel and the gate personnel all know how to deal with (forgot ID at home).
I got home from a business trip a couple years ago, unpacked my bags, and found the switchblade I'd lost a few months prior. I went through security twice with those bags...
Better idea of course - abolish the TSA. I mean harshly enough the pandemic proves they don't really care about tens of thousands of lives so their justification for existence is even more moot - on top of their ineffectualness.
9/11 will never happen again because the idea of a plane hijacking for ransom no longer exists in passengers' minds. If someone hijacks a plane now, the passengers assume the hijackers have suicidal intent and will curb stomp the hijackers to death or die trying. So in that regard I think TSA confiscating scissors and pen knives is just silly. A simple metal detector is sufficient for finding large weapons like guns.
On the other hand, terrorists' only option now is to just destroy the plane and kill all the passengers onboard. Cabin doors are locked, so this involves blowing up a bomb concealed somewhere (checked luggage, shoes, liquid explosives, etc). How do you propose we detect whether someone is trying to smuggle a bomb on a plane without something like the TSA? Just keep an eye out for nervous passengers and report them?
In other words, if we abolish the TSA tomorrow and replace it with metal detectors, what's to stop someone from bringing a few gallons of chemical explosives in their backpack, mixing them in the lavatory, and blowing up the plane? TSA has always caught when I accidentally left a full water bottle in my backpack.
They claim that requiring a REAL-ID to fly is illegal, and link to this PDF (https://papersplease.org/wp/wp-content/uploads/2020/05/IDP-f...) which appears to be a sort of letter from The Identity Project attempting to explain that what the TSA is doing is illegal. So, I don't know if I buy that it matters. If I show up on Oct 2, 2021, without a REAL-ID (i.e., a pre-realID California driver's license, which is what I have because DMV lines are fucked and appointments are fucked too), I think I won't be able to fly, no matter how much I wave a PDF in the face of TSA officials.
Get a passport. In CA it’s the only means of getting a second ID, aka a backup ID. I once almost didn’t get a job, because DMV was late sending me my driver’s license renewal, and for one week I had no valid ID, and that was the week I needed to start work.
I bet that those responsible for 9/11 couldn’t have hoped in their wettest dreams that Americans will be subject to random strip searches and patdowns in their own country for decades to come. Terrorists and US gov response made that happen.
Time for the citizens to ask - whether that response was right.
“Those willing to give up a little bit of freedom to gain a little bit of security deserve neither and will soon lose both”
To me this isn't a question of liberty or not. I find that silly. You don't have any constitutional "right" to fly. You probably have a constitutional right to free movement within the US (whether it's walking, driving, etc).
The bigger issue with these pat downs, scans, fluid limits, etc is whether they're effective.
Bruce Schneier has written at great length (and very smartly) about this stuff. And I agree with him that the single most effective deterrent to the next 9/11 is secure cockpit doors, and a close second is passengers not willing to "allow" a plane to get hijacked anymore (whereas hijackings in the past had a sliver of hope that you'd get out safely, after 9/11 I think passengers know there might be certain death, so why not fight?)
I seriously doubt that a lot of the “such-and-such mean that the terrorists won” would score very highly on the actual terrorist’s criteria for success... they seriously desired to destroy the West and institute a theocratic Caliphate in the Middle East, and that hasn’t occurred. This is just infra-Western rumination.
I was curious what the process was ~4 years ago for this so I “misplaced” my ID flying from SF to LA and the first agent at the beginning of the line looked me up on LinkedIn then they did a bag inspection and they let me through (I had a pass on my phone).
This is an encouraging step in the right direction, though I wonder what data this external service might capture.
I have never heard an explanation of why the name of the ticket holder should matter. The stupid thermometer tests always make me think of this so-called requirement.
Is this website really arguing that you should be able to fly without identifying yourself?
I'm a big proponent of privacy and not identifying yourself to government officials unless needed, but it seems like proving identity to fly is a pretty reasonable rule.
[+] [-] mLuby|5 years ago|reply
[+] [-] shard|5 years ago|reply
https://www.theverge.com/2020/8/4/21353842/garmin-ransomware...
[+] [-] rsync|5 years ago|reply
I believe you have just described "banking".
[+] [-] davchana|5 years ago|reply
I swear I read it in r/stupidloopholes few days ago.
[+] [-] Muromec|5 years ago|reply
Isn’t it about flying domestic routes? (Asking from Europe)
[+] [-] dillondoyle|5 years ago|reply
[+] [-] closeparen|5 years ago|reply
[+] [-] A4ET8a8uTh0|5 years ago|reply
[+] [-] A4ET8a8uTh0|5 years ago|reply
[+] [-] sokoloff|5 years ago|reply
[+] [-] IgorPartola|5 years ago|reply
[+] [-] DethNinja|5 years ago|reply
[+] [-] curiousgal|5 years ago|reply
[+] [-] 082349872349872|5 years ago|reply
[+] [-] gruez|5 years ago|reply
[1] https://beta.sam.gov/api/prod/opps/v3/opportunities/resource...
[+] [-] nradov|5 years ago|reply
[+] [-] banana_giraffe|5 years ago|reply
[+] [-] ehasbrouck|5 years ago|reply
[+] [-] Spooky23|5 years ago|reply
[+] [-] ajmurmann|5 years ago|reply
[+] [-] deathanatos|5 years ago|reply
* The WiFi in the airport is hostile? No Fly.
[+] [-] EE84M3i|5 years ago|reply
[+] [-] beojan|5 years ago|reply
This is pretty common for public WiFi.
[+] [-] Xavdidtheshadow|5 years ago|reply
[+] [-] nine_k|5 years ago|reply
[+] [-] floatingatoll|5 years ago|reply
[+] [-] anonunivgrad|5 years ago|reply
[+] [-] mnm1|5 years ago|reply
[+] [-] dmitrygr|5 years ago|reply
You can read more here: https://papersplease.org/wp/2015/04/09/why-did-the-tsa-preve...
[+] [-] dylan604|5 years ago|reply
[+] [-] superkuh|5 years ago|reply
[+] [-] rsync|5 years ago|reply
[+] [-] tfolbrecht|5 years ago|reply
Questions: name, DOB, family members' names, home address, nearby landmarks.
All public info.
If there's nothing going on behind the scenes it's just more security theater.
[+] [-] Mary-Jane|5 years ago|reply
[+] [-] Nasrudith|5 years ago|reply
[+] [-] umvi|5 years ago|reply
[+] [-] totetsu|5 years ago|reply
[+] [-] rootsudo|5 years ago|reply
[+] [-] rolph|5 years ago|reply
[+] [-] gruez|5 years ago|reply
[+] [-] komali2|5 years ago|reply
[+] [-] jbritton|5 years ago|reply
[+] [-] option|5 years ago|reply
[+] [-] atonse|5 years ago|reply
[+] [-] qubex|5 years ago|reply
[+] [-] DangitBobby|5 years ago|reply
[+] [-] etxm|5 years ago|reply
It was very ... lenient.
[+] [-] hatenberg|5 years ago|reply
Much these days boils down to
"Like China, but worse technical execution and privatized to some contractor (who is probably a family member)"
[+] [-] gumby|5 years ago|reply
[+] [-] refurb|5 years ago|reply