borderline security theatre performing asymmetric risk with no-fly lists and biometric...
TRANSCRIPT
![Page 1: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/1.jpg)
Borderline Security TheatrePerforming asymmetric risk with no-fly
lists and biometric identification
Andrew ClementInformation Policy Research Program
Identity, Privacy & Security Initiative
Fac. of Information Studies, Univ of Toronto
Presentation, Documentation and Mediation New Sciences of Protection
IAS, Lancaster University
Mar 14, 2008
![Page 2: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/2.jpg)
Some notably ‘UnSafe’ persons
Ted Kennedy (US Senator)– Name match > flight boarding difficulties (x5)
Yusuf Islam (singer, peace advocate)– aka ‘Cat Stevens’– Removed en route from UK>US flight, 2004)
Ann Wright (Colonel, US Army Ret’d)– On FBI ‘criminal’ list > denied Canadian entry
Maher Arar (Canadian engineer)– ‘Person of interest’ > ‘extraordinary rendition’
![Page 3: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/3.jpg)
Less publicized ‘UnSafe’ persons
Some other Canadian citizen’s recently denied entry to the US:• Karim Meziane, physicist, Univ of New Brunswick (2004)
– CAUT gets about 12-24 of these kinds of complaints a year.
• Muzaffar Iqbal, chemist (2003) • Mohamed Hassan Mohamed, PhD student, U of Alberta (2003)• John Clarke, Canadian anti-poverty activist, in 2002• Ahamad Kutty, Muslim cleric (2003)• Andrew Feldmar, Psychiatrist (2007)
People named:• Bill Graham, T. (E.?) Kennedy, John Lewis, Patrick Martin,
James Moore, David Nelson, Robert Johnson, …Plus many (30,000++) more -
The US government's ‘terrorist screening database flagged Americans and foreigners as suspected terrorists almost 20,000 times’ in 2006, but with few arrests or detentions. (Washington Post, Aug 25, 2007)
![Page 4: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/4.jpg)
Observations - I
‘Nothing to hide, nothing to fear’?
Let’s bury this myth!
Reflect a pre-emptive ‘war on terrorism’
See Illusions of Security, by Maureen Webb
Are we safer with these measures?
Let’s look at no-fly lists
![Page 5: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/5.jpg)
No-fly basics
1. PNR reservation data > security agency
2. Analysis & vetting against watch lists
3. Data back to airline
4. Check-in screening
Board flight or Detained
![Page 6: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/6.jpg)
Situational awareness and risk management support
Processing of screened
data
Pre-screening
Processing of pre-screened
data
Screening
Dialogsupport
Decision-making support
Formingthe
person’s file
Global database
Decision making
Visible band
camera
Visible band
camera
IR band camera
IR band camera
IndividualLine/lounge
Voice analyzer
Officer
Level 3: Works for detection of early warning information
Dr.Svetlana N. Yanushkevich, IPSI lecture, slide #5, October 2007
The future of airport ‘security’?
![Page 7: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/7.jpg)
U.S. No-fly operations
Airline passenger profiling schemes– Computer-Aided Passenger Pre-screening System (CAPPS)
1997-– Computer-Aided Passenger Pre-screening System (CAPPS - II)
2002-04 (never implemented)– Secure Flight 2004- ?? (not yet implemented)
Plagued by policy controversy and implementation difficulties
ACLU concerns about:– Ineffectiveness– Lack of due process and redress– ‘Mission creep’– Unreliable watch lists
![Page 8: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/8.jpg)
Canada’s ‘Passenger Protect’
Implemented by Transport Canada, June 18, 2007 If name, age, gender matched on ‘Specified
Persons List’ (‘individuals who may pose an immediate threat to aviation security’) could be denied boarding
Applies to anyone ‘who appears to be 12 years of age or older.’
Appeals to Office of Reconsideration (OOR) + … “Too dangerous to fly, but too innocent to arrest?”
- Lyon, June 5, 2007
![Page 9: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/9.jpg)
Biometric Basics
A Biometric system has three basic functions:
Enrolment is the process of establishing a template for a particular real world entity (Clarke, 1994)
Authentication involves the one to one (1:1) match of a claimed identity to one in the system database. Authentication is a true/false test for identity that compares the input at the user interface to a specific template
Identification is the process of recognizing a real world entity (Clarke, 1997). Unlike authentication where the system checks the new input against a single specific template, the process of identification requires the system to check an unknown to all of the templates in its database (1:N). Identification, is a specific function of biometric systems.
![Page 10: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/10.jpg)
Biometric travel documents
Smart Borders (Canada-US)– Common standards for (multiple) biometric identifiers (Dec 2001)
ICAO (International Civil Aviation Organization) – “... If a state is putting biometrics on its travel documents, the
incorporation of a facial image is mandatory …” (May 19, 2003)
US-VISIT (based on USA PATRIOT Act)– Digital scans of both index fingers and facial image are required of
non-Americans (January 5, 2004)
UK Biometric Passport & ID card (2006+?) – Facial image stored on an embedded RFID chip
EU Proposed biometric ID– Finger print and facial image - 'Draft Council Regulation on
standards for security features and biometrics in passports and travel documents issued by Member States'.
QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.
QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.
QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.
![Page 11: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/11.jpg)
American Airlines #11
American Airlines #77
United Airlines #93
United Airlines #175
Which 9/11 attackers would pass?
![Page 12: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/12.jpg)
London bombers? (July 7, 2005)
Mohammad Sidique Khan, 30
Hasib Mir Hussain, 18
Shehzad Tanweer, 22
Germaine Lindsay
Can any ID
scheme catch
attackers like
these?
No!
![Page 13: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/13.jpg)
Everyone with a ‘clean’ record passes– Most 9/11 & London attackers had NO record of suspicion– Terrorist training manual: “fit in” as “normal”– Can repeatedly test screening system, then only need to
pass once!
“The positive identification of individuals does not equate to trustworthiness or lack of criminal intent.” (emphasis in original)
(Ben Shneiderman, USACM testimony at the Congressional Hearings on National Identification Card Systems, Nov 2001)
It’s not about identity
![Page 14: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/14.jpg)
Applying the Four Part TestThe burden of proof must always be on those who claim that some new intrusion
or limitation on privacy is necessary. Any proposed [security] measure must meet a four-part test:
1. Necessary: It must be demonstrably necessary in order to meet some specific need
2. Effective: It must be demonstrably likely to be effective in achieving its intended purpose. In other words, it must be likely to actually make us significantly safer, not just make us feel safer.
3. Proportionate:The intrusion on privacy must be proportional to the security benefit to be derived.
4. Minimal: and it must be demonstrable that no other, less privacy-intrusive, measure would suffice to achieve the same purpose.
Privacy Commissioner of Canada, Nov’02, derived from Oakes
![Page 15: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/15.jpg)
Observations - II
Security vs. Civil Liberties?
If there is no clear case for a security gain, then don’t concede a civil liberties tradeoff!
![Page 16: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/16.jpg)
This is Security Theatre (or worse)
Security Theatre: “… ostensible security measures which have little real influence on security whilst being publicly visible and designed to show that action is taking place.”
See: Schneier, Bruce. Beyond Fear: Thinking Sensibly about Security in an Uncertain World, Copernicus Books, 2003, p. 38
![Page 17: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/17.jpg)
Designing Safe Traveling
Refuse no-fly & biometric ID security measures unless demonstrably effective and safe– independent assessment of efficacy and
safety– adequate legal framework based on the rule
of law• openness, transparency, presumption of innocence
– adequate remedies and effective oversight • expeditious complaint and redress process, breach
notification
Resistance, agit-prop, travelers rights,…– e.g. www.passageoublie.org
![Page 18: Borderline Security Theatre Performing asymmetric risk with no-fly lists and biometric identification Andrew Clement Information Policy Research Program](https://reader035.vdocuments.site/reader035/viewer/2022062518/56649f285503460f94c4059c/html5/thumbnails/18.jpg)
More generally, we need:
Intelligent public discussion of risk– The threat of terrorism is almost negligible in comparison
to more normalized ones
(e.g. auto travel)
Understanding the dynamics of animosity– how generated– how mitigated– how avoided….