Airlines are exploring biometrics to improve security, but it won't be cheap--or easy
Arriving at New York's LaGuardia Airport, an American Airlines passenger proceeds to the nearest kiosk. After swiping her smart card through a machine, she presses her index finger on a pad attached to the device to confirm that she's the authorized holder of the card and her boarding pass is printed. At the gate, she puts her finger on another fingerprint-reading device to reconfirm her identity, then steps onto the plane.
Another passenger who's arrived at the airport for the same flight doesn't have a smart card, so he proceeds to the check-in desk. An airport employee asks to see his ID and scans his fingerprint into a machine, where it's stored on a temporary basis, while a camera above the employee's head takes his picture; his facial image is compared with images stored in a database of suspected terrorists that federal agencies maintain. Before boarding the plane, he goes through another face-scanning at the gate and places his finger on a reader there to prove he's the same man who previously checked in.
It may sound like science fiction, but much of this technology already exists, and some of it is being tested in airports. Biometric technology may soon come to an airport near you, as the government attempts to assure a travel-wary public that it's safe to fly. Reps. Jim Matheson, D-Utah, and Mike Honda, D-Calif., members of the House aviation subcommittee, are sponsoring a bill proposing that the National Institute of Standards and Technology develop standards and measurements for the use of biometric technologies in the airline industry. The Aviation Security Technology Enhancement Act seeks to set aside $45 million for a pilot program to be conducted by the Federal Aviation Administration in at least 20 national airports to test and evaluate smart-card, facial-recognition, and iris-scanning security initiatives. Part of the money will also go toward helping the FAA and other federal agencies, including the Office of Homeland Security, establish a database with images of suspected terrorists that can be incorporated into air-passenger screening systems.
But there's no widespread industry support for adopting these technologies yet. Some airlines say that biometric security products aren't reliable enough and are too expensive. And because U.S.-owned airlines have made it policy not to compete with one another on security, it's unusual for an airline to adopt a security technology on its own. Another obstacle: Observers have raised privacy concerns about the use of biometrics.
Even with the federal government's $15 billion bailout of the airline industry, the airlines are in their worst financial shape ever. Nearly all major airlines recently posted record losses, so they're closely watching how they spend their IT dollars. A Senate bill on the table would make the FAA responsible for reimbursing airports for security upgrades, but for now, the industry bears the costs of security procedures, which can mushroom quickly. The cost of installing facial-recognition systems alone could run $25,000 per gate--about $1 million for a midsize airport.
Continental Airlines Inc. says it's working closely with the FAA and other airlines on security. But biometrics initiatives may be a ways off, says Continental CIO and senior VP Janet Wejman. "Such a shift takes thought and time and money," she says. "You have to convince people that this is the right way to go, because it's not a quick ROI."
Airlines have so far avoided investing in unproven technologies with unclear ROI, says Alaska Airlines CIO Reeder.
The airlines consider these biometric tools unproven technologies that don't offer a clear return on investment. In recent years Alaska Airlines Inc. has considered facial-recognition technology, says CIO Rob Reeder. But it hasn't been able to justify the investment because the technology isn't accurate enough; critics charge these systems can be fooled even by simple changes to a person's appearance.
Cost has kept Southwest Airlines Co. from testing any biometric technologies, a spokeswoman says. Instead, the airline is ramping up IT on other fronts with a clearer relation to revenue, such as more targeted E-mail marketing campaigns.
Delta Air Lines Inc. says it's reviewing technologies that enhance security, but it hasn't committed to any. Instead, it's focusing on technology that makes customers' travel experience more convenient and faster. For example, the airline continues to invest in self-service kiosks that let frequent-flier customers check themselves in and get boarding passes.
Vendors admit that some objections to the use of biometric technology are valid. For instance, fingerprint ID technologies have the advantage of offering a high level of accuracy, because each fingerprint image contains 256 Kbytes of data. But storing all that data can be expensive.
IBM says it has a solution. Along with its partners, IBM has developed technology to scan a person's hand rather than his fingerprint, company officials say. It's somewhat less accurate because it records fewer data points for each individual, but it still provides a high degree of certainty that a match is valid. While the cost of a hand-geometry scanner is higher than that of a fingerprint scanner, companies wouldn't have to spend as much on storage to support hand-scanning initiatives. IBM says it's talking to several airlines about using technology to provide two-way links to match the data that users supply when they apply for a smart ID card with that stored in government databases; the goal is to let travel companies and airlines more efficiently conduct passenger background checks.
The general public doesn't seem to mind the idea. A survey conducted by Harris Interactive last month revealed that 82% of its 2,024 respondents in the United States would be willing to have their fingerprints scanned as part of plans to increase airport security. Nearly two-thirds described fingerprint-identification technology as being extremely valuable or very valuable for airport security. A smaller number (28%) of respondents say using facial-recognition technology would be an extremely or very valuable enhancement to airport security. Boston's Logan Airport and TF Green Airport in Providence, R.I., soon will test this technology; Yosemite International Airport in Fresno, Calif., has installed a facial-recognition system at its single checkpoint.
It's a touchy subject. The American Civil Liberties Union and conservatives, including House Majority Leader Dick Armey, R-Texas, say the technology infringes on privacy. The ACLU adds that the technical limitations of facial-recognition technologies mean that innocent citizens will be harassed. But vendors of facial-recognition technology defend their products, pointing out that the systems don't retain images of people who aren't matched to suspects' images stored in databases. The technology does no more to violate privacy then a metal detector, says Tom Colatosi, president and CEO of Viisage Inc., a biometrics company working with Logan, TF Green, and Fresno.
Airlines are also looking at how they can use biometric technology to bolster internal security. But even there, it's no sure thing. Continental is interested in iris-scanning technology, which records employees' retinal data in a database, CIO Wejman says. Employees would undergo an iris scan to gain access to sensitive areas. But North Carolina's Charlotte Airport just ended an iris-scanning test, and airlines involved in the test say there are no plans to take the technology live.
Still, vendors continue to devise new biometric technologies for airlines' internal use. IBM has developed a fingerprint identification system to ensure that only pilots can control a plane. The steering mechanism would respond only to people whose fingerprints are saved in the system.
Helping the flying public feel safe again is critical to the airlines' economic survival. But for the short-term, biometrics aren't going to solve their problems.--with Robin Gareiss
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.