Technology and the 9/11 Commission

Former government undersecretary William Schneider Jr. says the United States needs better identity authentication practices.

3 min read
The 9/11 Commission report reaffirms the importance of protecting individual identities both from theft and from unauthorized use by criminals and terrorists--and the costs of failing to do so.

In its report, released in July, the panel said: "Fraud in identification is no longer just a problem of theft...sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists."

Identity authentication is the single most important measure to deny criminals or terrorists access to property, bank accounts, the commercial transportation infrastructure and similar crucial institutions of a modern state. This applies to both foreign visitors and U.S. citizens.
Some critics fear that authenticating individual identities will compromise privacy. In fact, the reverse is true.

Identity authentication is becoming a widespread tool to prevent identity theft, which can facilitate criminal and terrorist activities. For example, terrorists have taken advantage of diminished scrutiny of low-balance bank accounts to move funds for support of terrorist operations. As a result, Congress has approved legislation requiring that financial institutions verify the identities of all new customers.

Nearly three years after Sept. 11, 2001, we have failed to close the most conspicuous gap in identity authentication, in the area of our greatest vulnerability: commercial air travel. The existing system, which depends on crude and easily foiled passenger profiling strategies, has failed catastrophically, as the commission's detailed report on the Sept. 11 hijackings confirms.

Setting up a modern information-based process to confirm individual identities is indispensable for any security system. This includes using advanced technologies that rely on unique physical (biometric) identifiers such as fingerprints, retinal patterns, facial images and other characteristics. Biometric identifiers are reliable only if these unique data are securely tied to a specific individual with a positively established identity. Biometric checks are just part of a broad strategy that should include information-based and token identity validation.

Biometric identification systems will increase our security significantly. However, identification systems based on unique biometric characteristics will probably be costly and require many years to complete.

Identity authentication techniques can be implemented now and can mitigate the air transport system vulnerabilities identified by the 9/11 Commission report. By compiling basic information from individuals in an information-based identity authentication system, the airport screener can ask the passenger for information to compare with personal data already available to the screener, such as date of birth, first residence and mother's maiden name.

The strength of the system is that a terrorist or criminal trying to steal another's identity probably cannot know every bit of information about the person whose identity is in question.

Moreover, statistical modeling and scoring techniques developed for the financial services industry to prevent credit card fraud can be applied to identify authentication. Doing so can provide high confidence about identity authentication in near-real time, reducing airport screening delays. Because commercial modeling and scoring techniques are applied via software, overall costs to both passengers and the government can be reduced.

Alas, plans for the Transportation Security Administration to set up a modern information-based identity authentication system for air travel have been delayed by disputes based on misunderstandings about such a system's nature. Some critics fear that authenticating individual identities will compromise privacy. In fact, the reverse is true.

Authenticating an individual's identity is one of the most important ways to assure privacy at a time when technologies to compromise that privacy are growing rapidly. Only by authenticating individual identities can we effectively protect the constitutional privacy rights of U.S. citizens, and the ability of visitors to travel freely.