Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France.

2. On the day of departure, after having checked in by whichever means they have chosen (self-service kiosks, Internet, mobile phone, check-in counter), customers insert their card into the smartboarding® kiosk which comes out with their boarding pass printed on the back.

3. As soon as boarding starts, passengers choose the precise time they wish to board through a dedicated portal situated near the jetway. This equipment checks that the passenger is alone and then reads the information on the smartboarding® card and compares it with the passenger’s fingerprints. If these tests, which are the equivalent of the usual checks carried out to match a boarding card (paper or mobile phone) to a passport are positive, the gate opens to allow the passenger to board the aircraft.

4. At the door of the aircraft, passengers show the back of their card to the crew, in the same way as a normal boarding pass.

The system is extremely vulnerable, of course, to any attack that could spoof the fingerscanner or crack the encryption of the card. But Air France doesn’t specify what type (and range) of RFID chip is being used, how the fingerprints are digitized, or how they and the other data on the card are encrypted. Ah, the superiority of security by obscurity.  We’ll leave further analysis of the system’s vulnerabilities as an exercise for our readers.

Karen Gillo, spokesperson for Air France USA, reiterated to us that, as stated in the FAQ which enrollees in the program must sign, “no personal information is stored anywhere other than in the card that is given to the customer — and they may choose to destroy it at any time that they choose.”  All that means, we suspect, is that the digitized fingerprints aren’t stored by Air France in a central database.

But would the gendarmerie need a court order to tap the data stream from the fingerscanner at the boarding gate? And is the use of the “smartboarding” card included in check-in details in Passenger Name Records (PNRs) passed on to government agencies, Departure Control System records, or operational logs of the “smartboarding” kiosks or portals? We’ll assume it is until we see PNRs and other records of “smartboarding” users showing otherwise. Only requests for their records by participants in the test could tell us for sure, and then only if Air France complies with the law. We’ve had no response after almost 2 months to our request under French law for Air France to provide us with its records of our most recent flights.

The most important personal information associated with the RFID chip in the “smartboarding” card is likely to be found in the logs of its use, as well as those of any RFID readers set up in airports, or anywhere else, by airlines, airports, government agencies … or anyone else who wants to keep track of who passes by, and exactly when.

It’s a perfect example of the coincidence of industry desires for business process automation and labor efficiency on the one hand, and facilitation of surveillance (both by industry for marketing, and by governments) on the other.

For now, this is optional, only a test, and only for flights from Paris to Amsterdam.  But how soon will it be made the norm, or will those passengers who don’t want to carry a radio tracking beacon broadcasting their fingerprints be restricted to a smaller and smaller number of slower second-class check-in kiosks and boarding gates?
