So according to the request for information[1], it looks like the TSA wants a system that can validate an identity exists (given name, date of birth, address, phone number) and that the identity belongs to the person using the app. The first part looks pretty trivial, given the enormous corpus of databases out there (credit reports, public records, etc.), but what about the second part? Presumably you'd need some sort of database linking identities to photos, and validate that photo against the user's selfie or something. The question is, where would that photo database come from? State DMVs? If your photo is in the DMV database, wouldn't that also mean you have a drivers license, and therefore could use that rather than the app? What's preventing someone from impersonating someone else by scraping the internet for "similar" faces to their own, finding the associated id, and claiming that they're that person?
I think the TSA's theory is that if you can answer questions about the data in the Accurint record about person X correctly (i.e. your answers match the Accurint record, even if it is erroneous), you must be person X. That's the essential assumption behind the current IVCC scheme, except that it is operated by the TSA rather than a contractor.
> If your photo is in the DMV database, wouldn't that also mean you have a drivers license, and therefore could use that rather than the app
Perhaps today, but if the REAL ID rules ever actually kick in, just having a driver's license won't necessarily be enough. It got pushed back from an Oct start date to some unspecified future date.
There's been some press about this, but when these rules do go into effect, I suspect there will be stories about people that have trouble taking their flight.
Most DMVs feed photo data to law enforcement. There are also vendors who slurp up or facilitate the slurping of social media profiles.
Also don’t assume that this is preventative. End of the day, the point of this stuff is to leave breadcrumbs behind. In the process, they’ll hassle a few former felons or brown people with beards.
Record linkage and master data management are far from trivial. In any large number of people there will be enough duplicate values and data errors to cause a large number of false positive and false negative matches. We deal with this constantly in the healthcare industry because patient records arrive from a variety of different sources and there is no single reliable source of truth. A sophisticated matching algorithm can do fairly well but it's impossible to achieve 100% accuracy.
> If your photo is in the DMV database, wouldn't that also mean you have a drivers license, and therefore could use that rather than the app
Three only time I've encountered the current system for folks without ID was when I was at the airport and realized that my driver's license was in my yoga back at home. I got offered to go through the current process.
[1] https://beta.sam.gov/api/prod/opps/v3/opportunities/resource...
reply