Interoperable airport credential won’t be easy
09 October, 2008
TSA considers biometric ACIS program but airports are not convinced
By Zack Martin, Editor
The Transportation Security Administration wants airports across the country to issue and use an interoperable credential. If a flight attendant at Chicago O’Hare International Airport was on a crew flying in and out of Atlanta’s Hartsfield Airport, the ID card and information stored on it could be read at both locations while the attendant only had to register at one location.
The vetting process would also be standardized for all airports, said Chris Runde, with the Transportation Threat Assessment and Credentialing Office at the TSA. Runde gave a presentation on the proposed new Airport Credential Interoperability Specification (ACIS) at the Interagency Advisory Board meeting in Washington this summer.
But airports have mixed feelings on the idea of an interoperable credential, says Carter Morris, senior vice president at the American Association of Airport Executives. Since 9/11 many airports have already taken the time and spent the money to upgrade their credentialing systems with many using biometrics. The AAAE also has created the Biometric Airport Security Identification Consortium to work with the TSA on biometric access control in airports.
Morris says airports are generally in favor of technical interoperability of credentials between sites. But they don’t want the interoperability of the ID to subvert their local access control system.
For example, a United Airlines employee based out of San Francisco would be credentialed there and have the necessary access control privileges. The same employee would have to go to Denver on business regularly and would like certain access control privileges there as well.
But instead of having the credential just work at Denver, the employee would have to check in with officials there and take the appropriate steps. The credentials would have to be verified and the employee could either be issued a new credential or have the existing credential activated to work at Denver. “The idea is to tighten overall security but also enable airports to maintain the local control they have already established,” Morris says.
This is the idea behind ACIS, says Roger Roehr, manager for the government vertical at Tyco Fire & Security. “Just because you have an interoperable ID doesn’t mean you have to accept it,” he says. Airports could decide on a case-by-case basis whether or not they want to accept the IDs and what privileges to give to the holder. Roehr is also chairman of the physical access council at the Smart Card Alliance.
An airport worker credential potentially could be issued to 1.5 million airport workers and hundreds of thousands of airline workers, Runde says. The card would use a modified FIPS 201 specification. ACIS would want to use contactless biometric verification, and PIV currently doesn’t support that. Runde said the TSA is looking at the TWIC program to learn from it as well.
Linking the credential to the individual is the primary purpose behind ACIS. The proposed credential would have airport and airline workers electronically verify their identity when entering a secure area instead of using the flash pass, which is typical at most airports today. “Now there’s little assurance that the person holding the card is who it was issued to,” Runde says.
There’s also the issue of multiple background checks that different sites may perform on the same worker. ACIS would enable workers to undergo one check and be done. The TSA also is working on a way to “perpetually” check an individual’s background. For example, if a worker was arrested or got in trouble, the TSA would find out and the credential could easily be revoked. “Do the vetting once and do it perpetually until you are out of our population,” Runde says.
An interoperable ID also would eliminate the need for airline workers to carry around a stack of different ID cards, one for each airport, Runde says. Airline workers would not have to register at each individual airport.
ACIS is still in the early stages, Runde says. A specification has been routed to industry for comment, but the initiative doesn’t have any funding yet so it’s unclear how far it will get.
Using biometrics for airport workers may have some support from Congress. Rep. Bennie G. Thompson (D-Miss.), chairman of the Committee on Homeland Security, introduced H.R. 5982, The Biometric Enhancement and Airport-Risk Reduction (BEAR) Act of 2008. The legislation enhances previous aviation security efforts by ensuring proper introduction of biometric identification credentials to airport workers. The act passed the U.S. House of Representatives in June.
The bill would require the Transportation Security Administration to study existing and proposed biometric security programs at airports, to see how airports can transition to standards-based interoperable biometric systems, and to submit to Congress a breakdown of best practices for issuing biometric credentials for airport employees.