Airport Security - Worrying About When Good People Go Bad

I had an op-ed in The Mercury News this last Sunday entitled "Risks unknown for ‘registered traveler’ participants."

I travel a lot. So learning the little nuances of each airport I frequent comes in very handy. I have been able to pull off little stunts like driving five miles, parking my car, getting my boarding pass at a kiosk, clearing security and getting to my gate in 17 minutes. Of course, this takes a lot of luck, too. One long line and poof … you miss a flight especially when not allowing more than 45 minutes between airport arrival and the plane’s departure

As I mentioned in my op-ed, I planned on taking the plunge and therefore enrolled in the Clear Registered Traveler program yesterday. Handing over my biometrics and subjecting myself to a background check will be well worth shorter airport lines, especially if this program turns up at airports I actually frequent.

Before I made this leap, for once I read the Privacy Policy. It seems they have done a decent job communicating their intentions and protections. Obviously if you have an outstanding criminal warrant, this would not be a good program for you!

When I think about this program and programs like this – while there is some additional risk introduced anytime one reveals more of his/her personal information – the other [big] risk is what happens when a good guy who gets the "Approved Security Threat Assessment" stamp from the Transportation Security Administration decides to become a bad guy later.

When good guys go bad (the "insider threat") is a nasty problem. And while this program has wisely opted for a perpetual credentialing process, something I strongly advocate, detecting the lone gunman scenario, where the bad guy works alone, is a very hard problem. I hope the perpetual credentialing program they have in place is topnotch.

Nonetheless, I’m eager to have as many airport shortcuts as I can get my hands on!

Jeff Jonas is the chief scientist of IBM Software Group’s Threat and Fraud Intelligence unit and works on technologies designed to maximize enterprise awareness. Jeff also spends a large chunk of his time working on privacy and civil liberty protections. He will be writing a series of guest posts for Netcrime Blog.

For more on Entity Analytics, click here.