Airport Security designs revolve around biometrics

A significant part of the federal call to arms in the war on terrorism was the creation of the U.S. Transportation Security Administration (TSA).

Sep 1st, 2002
Th 102779

By J.R. Wilson

A significant part of the federal call to arms in the war on terrorism was the creation of the U.S. Transportation Security Administration (TSA). This agency is charged with dramatically improving the security of the transport system throughout the United States, with a special emphasis on airport security.

The Aviation and Transportation Security Act signed into law by President Bush in November 2001 created TSA within the U.S. Department of Transportation and, for the first time, made security

for all modes of transportation a responsibility of the federal government. While the public emphasis has been on aviation, that also includes maritime, highway, rail, and pipeline security.

Congress also set two major aviation-security deadlines for TSA:

  1. by this November, all airport passengers and property must be screened by a federal workforce; and
  2. by the end of this year, all checked baggage must be screened for explosives.

Members of Congress are trying to extend the second deadline by one year, citing the original goal as "unrealistic", but have taken no final action.

Technology choices

TSA experts are to choose the technologies to accomplish both tasks. Members of the new agency say they will need at least 65,000 federal workers to screen the 420 million passengers and 900 million bags that move through U.S. airports every year - a number that has been steadily increasing. TSA also has ordered background checks of an estimated 750,000 airport and airline employees who have access to secured areas of airports.


Fingerprint-identification technology from Ultra-Scan reportedly picks up the vascular structure underneath the fingerprint
Click here to enlarge image

For the second requirement, TSA has contracted for two types of equipment - EDS (explosives detection systems), with plans to deploy about 1,100 systems, and ETD (explosives trace detection), with 4,000 to 5,000 systems planned for airports where space or structural limitations prohibit installation of large and heavy EDS machines, or where activity is not sufficiently high to justify the cost (see sidebar on page 19).

In many ways, however, security screening of passengers, visitors, and airport personnel is far more complicated than meets the eye, both technologically and with respect to privacy concerns. Experts are giving considerable attention to a variety of biometric systems, which use some unique aspect of each individual's own body or behavior for positive identification. Forms of biometric testing currently in place or under development include:

  • fingerprints;
  • facial recognition;
  • voice print;
  • retinal eye scan;
  • iris eye scan;
  • hand geometry;
  • hand vein patterns;
  • body coloring;
  • lip patterns;
  • dynamic signature verification;
  • keystroke verification; and
  • gait (movement) recognition.

The first step toward this actually began in 1997 with the Computer-Assisted Passenger Prescreening System (CAPPS), which looked at a traveler's overall flight history to flag potential security risks for more detailed baggage checking. The 2001 Aviation Security bill mandated an expansion of that - now called CAPPS II - to include all passengers, not just those with checked baggage. Biometric systems are considered a likely identification augmentation to that requirement.

Members of the Aviation Security Biometrics Working Group have accelerated the study of various technologies and how they might work for airport security systems - primarily for airport access control, including aircrew identification. Members of the working group also are looking at passenger identification and ways to protect the public in and around airports.

The working group's co-chairs are TSA and the U.S. Department of Defense (DOD) Defense Counter-drug Technology Development Program Office. Representatives from the U.S. Customs Service, the FBI, the Defense Advanced Research Projects Agency (DARPA), National Institute of Justice, Technical Support Working Group, and the Office of National Drug Control Policy join others from government, industry, and academic organizations in that effort. Working group members say they hope to present their findings to new TSA Administrator James Loy by the end of November.


The IrisAccess device from Iridian Technolgies can capture an iris image from a glance at a mirror 3 to 10 inches away from the face.
Click here to enlarge image

Partly because of that report and other ongoing studies, TSA officials declined to be interviewed for this article; a TSA representative says members cannot yet discuss how or if biometrics may be integrated into the airport security equation.

Nevertheless, biometrics also are part of the technologies under consideration in Lockheed Martin's $350 million Phase II contract with TSA, which includes implementing new technologies at security checkpoints at all 438 U.S. commercial airports.

Separate organizations are already implementing or testing biometric security measures in the U.S. and Europe. Logan Airport in Boston, Oakland International Airport in Oakland, Calif., T.F. Green Airport in Providence, R.I., and Fresno Yosemite International Airport in Fresno, Calif., were among those adopting face-recognition software to enhance security after September 11. An ultrasonic fingerprint technology has been demonstrated at New York's JFK Airport and iris scanning has been tested at London's Heathrow and Amsterdam's Schiphol international airports.

"What and how the technology will be deployed is still very much in the planning stages," says Carter Morris, director of the American Association of Airport Executives (AAAE). "It's not a real cut-and-dried issue at this early stage and no one knows now what the world will look like. Airports are very much engaged in access control, obviously, and facilitating the efficient and secure passage of passengers through their airports.

"There has been a lot of hard thought about biometrics applications since September 11. The problem isn't in figuring out whether it increases security, but rather where the rubber meets the pavement in implementing that technology, deciding if it is mature and right for a specific airport," Morris says. "TSA was wise to recognize they could not come up with a single master plan and engaged Boeing on the baggage side and Lockheed on the passenger side to make individual airport surveys and assessments. That is clearly a step in the right direction."

Lockheed Martin Mission Systems in Gaithersburg, Md., is teaming with systems integrator KPMG Con sulting in McLean, Va., to tailor passenger-screening approaches to each individual airport. Lockheed Martin experts are doing this by reconfiguring screening lanes at airport security checkpoints and, if needed, upgrading or replacing screening equipment, such as metal detectors, X-ray machines, video cameras, and hand wands. The team also will provide logistics and orientation support for new government screening personnel. The congressionally mandated deadline for having all those security measures in place is Nov. 19.

KPMG Consulting already is under contract to develop a biometrics security capability for DOD's Common Access Card - the new standard identification card for all active duty, reserve and National Guard uniformed personnel, DOD civilian employees, and eligible contractors. The CAC smartcard permits authorized entry to installations, buildings, and controlled spaces, as well as access to military computer networks and systems. More than 600,000 cards already have been issued, with distribution expected to exceed 4 million in the next two years.

KPMG Consulting experts will evaluate and demonstrate a variety of biometric identifiers for incorporation into the card; DOD then will determine which would work best with its new security system.

"An individual's biometric identifier cannot be stolen or shared. The card is what you have, the PIN is what you know and the biometric is who you are," says KPMG Consulting managing director Michael Palmer. "Combined, you have a very strong credentialing system."

The Smart Card Solution Team includes SAFLINK Corp. of Bellevue, Wash., a developer of integrated biometric security solutions; SPYRUS of San Jose, Calif., a Public Key Infrastructure middleware provider; XTec Inc. of Olathe, Kan., a maker of smartcard readers, and Precise Biometrics of Lund, Sweden, which makes fingerprint readers.

A recent company-sponsored survey of 500 randomly selected Americans found 41 percent already have used some form of biometric identification, 94 percent support its use to improve airline security and only 11 percent consider it an invasion of privacy, says Joshua Grantz SAFLINK marketing and sales vice president.

"We believe these results reflect the influence of the Sept. 11 terrorist attacks on public attitudes toward security strategies that might previously have been considered intrusive," Grantz says. "Many have found that biometric security offers a more protected environment than passwords, PINs, photographic identification, or key-based access devices. Biometrics are far more convenient since you can't forget them and you can't leave home without them."

TSA engineers are looking at implementing a system similar to DOD's CAC for a transportation worker ID card and are developing standards for what the card should look like.

"More challenging is figuring out how at the thousands of access points around the country you will employ a technology that will allow some degree of universal access and still not completely confuse the system by not taking into account the unique nature of each airport," Morris says. "You don't want someone who is able to compromise one airport then to be able to compromise them all. But you also have pilots and crews who need to gain access to multiple airports."

Combining biometrics with smartcard technology adds a layer of additional security, but the same kinds of biometrics are not necessarily appropriate for every airport.

"I believe there is plenty of room on those cards for multiple biometric methods; you might use a fingerprint at one, a swipe and a PIN code at another, an iris scan at a third," Morris says. "At larger airports, you may have different access controls terminal by terminal. And that's not necessarily a bad thing. But the key is not in a universal system that reads the cards but in the exchange of information between the government and the localities and the flexibility of the system to accommodate multiple control systems. And airports are good at that - they've done it for decades."

The backbone of this effort will be enhancements incorporated in CAPPS II, which will include changing the responsibility for its implementation to TSA rather than relying heavily on individual airlines for technical support. TSA is seeking $45 million in the 2003 federal budget to finance CAPPS II.

The information contained within the system would come from public and law-enforcement databases as well as from individual travelers; results would be tailored to the specific needs of each access point. All would be coordinated using new technologies that were not part of the original CAPPS, such as "fuzzy logic" algorithms that can cross-reference disparate data looking for "red flag" associations.

Facial recognition has some strong advantages for airport security, says Francis Cusack, vice president and general manager of the transportation business unit at Viisage Technology in Littleton, Mass. Facial recognition can be installed overnight, it can use existing surveillance systems, it does not require a lot of space or even special infrastructure, and it can handle large numbers of people without requiring them to take any overt action.

"Part of the mandate of TSA is to make better the equipment we've had in airports for 20 years, but those only addressed half the problem," Cusack explains. "If you look at X-ray, magnetometers, bomb sniffers, etc., they all are trying to solve one problem - find the dangerous material, because in the '60s the concern was finding a bomb. Today, I think we realize the problem is not the dangerous thing, but the dangerous person. That's why we're advocating screening of everybody who boards the aircraft against a threat database."

In a test at Boston's Logan Airport earlier this year, Viisage received a database consisting of real threats from the FBI and "seeds" - airport employees, the state police, and so on - who moved randomly through the checkpoint. No attempts at disguise were made, although some of the images were several years old.

Cusack says the system software localizes the middle part of the face, ignoring hairdos, hats, head dresses, etc., and has shown "a remarkable tolerance for beards; the machine can pick up people humans would have a difficult time identifying." He says there was only one false positive in the 90 days of the Logan test and the system did not add any time to the process of moving through the checkpoint.

"Right now, the people at the checkpoint just walk through and that only takes a few seconds," he says. "If the operator declares a match, he can hit print and he has a hard copy of a picture of the guy and can get it right to the law enforcement officer at the checkpoint. Upon detection of multiple threats, how the security personnel choose to respond is something we need to develop with TSA, so when we do detect a legitimate threat we can take a look at who they are associated with."

TSA officials also are exploring a concept known as the "trusted traveler," which would incorporate biometrics into the CAPPS II effort. The trusted traveler would be someone who flies frequently and submits to an added level of background check in order to receive a special biometric smartcard permitting bypassing many of the long lines enhanced security creates at airports. Routine baggage checks would still be required, but identification would be validated with the card.

Variations of that were part of tests involving Virgin Atlantic and British Airways at London's Heathrow International Airport and all passengers using Amsterdam's Schiphol to move frequent travelers more quickly through immigration and security.

"In Amsterdam, frequent travelers can purchase a fast pass called Privium, which allows them to enter the country through a kiosk turnstile without talking to an immigration officer," says Bill Voltmer, chief executive officer of Iridian Technologies in Moorestown, N.J., which holds patents on iris scan technology. "They swipe a smartcard, get their iris picture taken, a search of Interpol is made, and the iris compared to information on the smartcard, which also includes your passport data. You also can use it on exiting the country."

In England, Virgin Atlantic and British Airways created a system where a U.S. citizen can begin enrolling for their JetStream pass at Dulles or JFK airports and complete it at Heathrow by having an iris scan recorded. Using Iridian iris scanning technology, the system was created by EyeTicket Corp. of McLean, Va.

"The next time they go to the UK, they just walk up to the JetStream kiosk at immigration, have their iris scanned, the kiosk gate opens, and they go on through," Voltmer says. "They don't have to show a passport or talk to an immigration officer."

Amsterdam authorities are planning to apply the technology to all employees at Schiphol, a program that is expected to get underway next year. In addition, Canada has announced plans to install iris recognition systems at customs and immigration checkpoints at eight major airports, beginning next year in what some industry experts have called the most far-reaching effort anywhere in the world.

While some tests are in progress using iris scanning for restricted access by airport and airline personnel in Knoxville, Tenn., and Atlanta, Ga., neither it nor any other biometric has been approved by TSA.

In the Iridian system, a program called PrivateID drives the camera, evaluates the image, and puts in degrees of security so the file can be sent to another program called KnoWho, which first evaluates the security to make sure nothing has been replaced. The program then creates the iris code - a 512-byte template that describes the unique characteristics of the iris, but cannot create a picture of it. It then performs a match, either a one-to-one comparison of a known iris (probably from the smartcard itself) or an exhaustive search of a database.

"The iris is actually the most unique element in your body. It stabilizes around the age of one and the patterns remain stable for the rest of your life, although the color may change with age. But we don't use color images; shades of gray are the important factor," Voltmer says. "We are an opt-in technology, which means the subject has to chose to participate, which we think is beneficial on the privacy side. But you don't have to touch anything. You can be as close in as 3 inches or as far away as about a meter, depending on the camera being used."

Unlike fingerprints or facial recognition systems, iris scans do not use "minutia points"; the data points used are not relative to each other.

"There are about 400 mutually exclusive data elements in an iris and we use from 240 to 270 of those at any point in time. The amount of unique data in an iris is significant; the data in a fingerprint is not," Voltmer explains. "In facial recognition, you look at the distance between the bridge of the nose and other elements on the face. All those elements are relative to each other. We don't do that. Each of the characteristics of the iris is unique and does not have to be tied to any other data element for comparison. We look at where each element fits on a standard grid. Not every eye will have the same thing in the same place, as is the case with a nose or eye or ear in facial recognition."

The key to iris scans is no two are alike, not even an individual's left and right eyes or those of identical twins, who share the same DNA.

Even so, Voltmer acknowledges all biometrics have their limitations.

"Iris recognition or any other biometric, by itself, will not be the be-all and end-all security measure, but will help in authentication, authorization, and administration at airports," he says. "We're not making any claims that iris recognition will identify a terrorist, per se, unless that individual is so identified in the database."

The most common biometric in the United States is the fingerprint, with millions already in law enforcement, military, and other government and corporate databases. However, there are three levels of fingerprint technology and the vast majority of existing records use the least reliable of the trio - ink and paper. Those fingerprint documents can smear if not taken by experts, and may scar or get dirty.

The second, more reliable, format is optical. In this process, experts take a picture of the fingertip, which eliminates smearing, yet does not eliminate contaminants that still can thwart the effort to obtain a clear, clean record for future comparison.

The most recent entrant is ultrasonic recordings, a process patented by Ultra-Scan of Amherst, N.Y., in 1990. This process reportedly can see through contaminants, scars, or even efforts to destroy fingerprints entirely with acid, and still obtain a verifiable image.

The problem with traditional and even optical methods was highlighted earlier this year when Japanese cryptographer Tsutomu Matsumoto claimed he could fool standard fingerprint systems 80 percent of the time using the same gelatin found in Gummi Bears to create a false finger, with someone else's fingerprint molded into it.

"Since September 11 there has been a real increase in concern about security, especially for access control. Biometrics has become a buzzword for all that, but as we compare these systems in the field, you find folks like Matsumoto saying he can fool the scanner 80 percent of the time. With ultrasonic technology, because we are using sound waves to build an image of the fingerprint itself, we see through any residual contaminants on the finger," says Ultra-Scan executive vice president Mike Rohleder.

"Based on input we've received from the U.S. Army and DEA [the U.S. Drug Enforcement Administration], which have both given us contracts for development, we believe fingerprints will become the long-term majority biometric, largely because of the long history of fingerprints and their validation," Rohleder says. "The others don't have the legacy databases of fingerprints, are not yet as reliable and don't have the support worldwide as a unique identifier."

Still, Ultra-Scan takes seriously the threats to valid fingerprinting such as Matsumoto points out.

"Our system is reading slightly subdermally, so in addition to modeling the fingerprint ridges themselves, it picks up the vascular structure underneath," Rohleder says. "One advantage there is it can tell if you have a live finger on the scanner. We've even tuned the system to read through latex gloves in hospitals. And our scientists are getting ready to test the Gummi Bear concept, but we don't think it will be a problem, either."

Security experts are unanimous on one point: the most dangerous and most likely successful violator will be someone from within - someone who has, in fact, been cleared for trusted traveler status or access to secured areas, but then becomes a security risk. The most frequently cited examples are Robert Hansen and Aldrich Ames, the former an FBI counterintelligence officer and the latter director of U.S. counterintelligence for the CIA, both of whom turned out to be the very Russian spies they were charged with finding.

The application of biometrics - and other security systems - to the nation's aviation system is not restricted to passengers or those who work at airports. TSA has, in fact, expanded the security curtain to include anyone who deals with an airport. Those efforts include a "known shipper" program, similar to "trusted traveler," to make air cargo - whether aboard a passenger plane or an all-cargo aircraft - as secure as any other part of the system. Other aspects include heightened perimeter control, screening individuals, goods, property, vehicles, and equipment prior to entry not only into a secured area of an airport, but also at the fence lines.

Pilot projects supporting those efforts are currently underway at nearly two dozen U.S. airports and include the entire range of potential technologies, from biometrics to smart credentials to enhanced video surveillance.

"Every biometric has its niche," says Viisage's Cusack. "Security is a game of layers; there is no silver bullet. Right now we're missing half the problem because all we're doing is looking for dangerous materials, which is a lot, but we're not looking for dangerous people.

"I'm not sure TSA is looking much past the baggage check requirements right now, not to mention the difficulties in just standing up an organization of that size so quickly in the first place. But they are aware of what we have done at Logan and I would like to see that come closer. We have to look at both halves of the problem."

The ultimate solution, says AAAE's Morris, is to combine the best technologies and the best efforts of TSA, the local airports, the airlines, and every government agency - local and national - involved in law enforcement.

"The leadership of TSA is needed to help develop a set of standards on how this system needs to operate, but no matter what you do, they need to be deployed locally and each airport is different," Morris says, citing what has become a virtual mantra of the airport community when it comes to security: "Once you've seen one airport, you've seen one airport. So internal access and passenger verification implementation at each airport has to be customized to the size and needs of each individual airport."


Federal officials face difficult decisions on putting luggage-screening systems in place at airports

Experts have made many attempts in the past two decades to develop a fast, efficient, accurate, and cost-effective system for detecting explosives in airline passenger checked and carry-on luggage. Although no such explosives were part of the Sept. 11 hijackings, that effort was made a top priority for the newly created U.S. Transportation Security Administration (TSA).

In addition to sheer size and cost, a high false alert rate plagued earlier systems, which slowed baggage processing and often had a domino effect on an entire airport's operations and airline flight schedules.

Technological accuracy aside, however, the basic problem remains of acquiring and installing any system within the deadline established by Congress - 31 Dec. 2002.

The amount of explosives detection equipment necessary to screen all checked baggage at more than 400 U.S. airports may cost at least three times that of the equipment currently deployed at airports worldwide, pointed out Alexis Stefani, the U.S. Department of Transportation's (DOT) assistant inspector general for auditing, in testimony before the House Transportation and Infrastructure subcommittee on aviation last July 23.

Even those systems that some airlines have used to screen baggage during the past five years have, for one reason or another, on average screen fewer bags per day than they should be able to handle in only two hours, Stefani told Congress. While the machines presumably are capable of screening 125 bags per hour - or a minimum of 1,250 per day - as of May, 77 percent of them were handling 750 bags or less each day.

Click here to enlarge image

As a result, past experience does not provide a realistic measure of what the baggage-screening systems in place can or cannot do.

"One of the overriding reasons the machines are underutilized is that air carriers must only have the equipment to screen the baggage of passengers requiring additional security. Measures based on the Computer Assisted Passenger Prescreening Systems (CAPPS) help airline officials determine which passenger bags need additional attention. The air carriers have the option to use alternative methods, such as positive passenger bag match, to screen all other passengers' checked baggage," Stefani told the lawmakers.

"It makes good sense to get real-world experience by maximizing the use of machines currently in operation, especially at large airports," Stefani says. "Fully utilizing the installed machines will assist TSA in determining how many machines are needed to screen 100 percent of checked baggage, give TSA and the air carriers real-world experience with screening all checked baggage using lobby-installed EDS, and provide insight into how machine downtime and maintenance requirements will impact security and passenger operations."

As of mid-July, TSA officials had placed orders for 1,025 Explosive-Detection Systems (EDS), totaling $682 million, and 1,410 Explosive-Trace Detection (ETD) units valued at $7 million. Stefani asked Congress to appropriate an additional $427 million to increase those orders by 75 explosives de tectors and 4,590 explosive-trace detectors to meet projected deployment requirements.

Boeing Space and Communications Services Co. in Seal Beach, Calif. will execute TSA's deployment strategy for checked baggage security $508 million contract that runs through the end of this year, with options totaling another $862.4 million through 2007. The initial effort is not deployment of equipment, however, but a complete site assessment of all 438 U.S. commercial airports between July and November to determine what equipment each airport requires and where is should be installed. Then comes making the necessary airport modifications and systems installations, ensuring the equipment is operational, and training an estimated 21,600 new workers to operate it.

"We have a very solid, aggressive plan which we are executing," a Boeing spokes man says. "We have put together a team composed of firms that know the American aviation system in the areas of airport architecture and en gineering, baggage handling, and CT [computer-aided to mo graphy] technology. We can count on this team, which combined with Boeing's expertise is the right choice for making this happen. We are absolutely committed to meeting our part of this important national security priority."

Boeing is teamed with Siemens Corp. in New York on the TSA venture, along with three of the nation's top airport architecture and engineering firms - Leo A. Daly in Los Angeles, Corgan Associates in Fort Worth, Texas, and DMJM Aviation of Tampa, Fla. Also on the team are Boeing subsidiary Preston Aviation Solutions of Melbourne, Australia, and TransSolutions in Fort Worth, Texas, to provide aviation infrastructure simulation and modeling; CAGE Inc. of Irving, Texas, to develop designs and operational policies for airports; and Turner Construction in Arlington, Va., supported by Hanscomb Ltd. in Ottawa to manage airport site preparation.

Siemens experts will direct installation of the equipment, including positioning of the machines, site preparation, and field service; Siemens will manage field service through a long-term support agreement.

DOT inspector general Kenneth Mead sounded a blunt warning to the House Appropriations transportation subcommittee on 20 June: "The challenge facing TSA in meeting the December 31st deadline to screen 100 percent of checked baggage is unprecedented. An effort of this magnitude has never been executed in any single country or group of countries.

"This deployment effort will be a huge challenge for TSA and Boeing, since only 200 EDS and 200 trace machines are currently in use at 56 airports for screening checked baggage (as of 12 June)," Mead warned congress. "At least 900 EDS and an estimated 5,800 trace machines will have to be installed and made operational by December 31, 2002, and an estimated workforce of 30,000 checked baggage screeners will need to be hired and trained to use the equipment."

TSA officials plan a two-phase approach, with some airports using EDS exclusively and some a mix of EDS and ETD. Several factors will help determine the mix for specific airports:

  • peak bag loads;
  • ability of the airport air carrier to integrate EDS into the baggage-handling system;
  • physical restrictions of EDS having to do with weight and size (they weigh about 4 1/2 tons and are the size of minivans);
  • construction costs of EDS installations due to excessive structural modifications needed; and
  • availability of EDS units from the manufacturers, InVision Technologies Inc. of Newark, Calif., and L-3 Communications in New York.

However, Mead says the government, which now is paying for all airport security efforts, also must consider manpower and costs; trace detectors require more people to operate than EDS, but the size and weight of EDS machines will mean substantially more capital costs in trying to integrate them into each airport's baggage-handling system.

Explosive-trace detectors look for explosive vapors and residue. They are worker-intensive because human operators must collect samples for ETD examination by rubbing different areas of suspect bags with swabs. Personnel then must drop the swabs into chemical analyzers that separate and identify any threat explosives present in less than 10 seconds; their effectiveness is dictated almost entirely by how well the human operator collected the sample. These systems are about the size of a microwave oven and are less expensive (around $40,000 each) than EDS systems. EDS machines, on the other hand, function automatically.

The EDS is based on CT X-rays, evolved from medical CATscans, and combined with specialized software that color-codes suspect items for easy analysis by a human operator, who comes in only when an alert sounds.

L-3 works with Sky Computers Inc. in Chelmsford, Mass., a wholly owned subsidiary of Analogic Corp. in Peabody, Mass., on a system called EXACT - short for explosive assessment computed tomography. With a published throughput of 500 checked bags per hour (Sky officials say the exact figure is classified), EXACT uses density algorithms to detect plastic explosives, detonators, guns, knives, or drugs, depending on its programming. It is not a "sniffer", which uses mass spectrography to detect explosive traces.

The CT unit's greatest fame is the ability to detect very thin slices of plastique.

Despite the advantages of CT, years of previous FAA testing has found CT technology is slow and has a high false alarm rate. Sky chief executive officer Don Barry says his engineers have resolved the speed issue - by at least a factor of four - and have developed new algorithms to enhance accuracy.

"You want to make sure no threats go through, but you don't want to be so sensitive that the false alarm rate goes up. Our software is balanced so that doesn't happen. The final determination threat software comes from L-3 Communications. The rest basically comes from Analogic," he says. "L-3 does the final integration, as well.

"The computer tomography is the Sky piece," Barry continues. "It is a computer than enables scalability and the reliability that is essential to an operation this important to our national security. Right now, we're in an initial design that uses general-purpose microprocessors combined with proprietary ASICs. As we move along, we're looking at ways to increase the speed of that computer and make it more efficacious."

A volumetric CT system, EXACT provides 3D images in one 24-slice scan, according to company documents, and can move from acquisition to threat assessment in five to six seconds. Other machines use single-slice CT scanners, which process data more slowly, Sky officials say.

"When the system detects a threat, there is a silent alarm, which is automatic. That enables the operator to see the nature of the potential threat. They don't have to stop the line or re-examine the bag because all the information needed is already present. That bag can then be diverted and the rest move on through the system while the operator is evaluating the information on that bag," Barry says.

TSA has determined that because of the false positive rate of past CT systems, they will be resolved on location using sniffer technology. So if something needs further examination, the bag will go through a sniffer to determine if explosives, weapons, or drugs are present. But the sniffer is not part of the same unit, Barry explains.

Both systems can be tricked into a false alarm. For ETDs, that is usually due to actual - but innocent - target residue that got on the bag due to a passenger's hobbies, profession, or medical condition. Construction workers who handle explosives on the job or someone who takes nitroglycerin as a heart medication are examples. TSA says the units now being deployed incorporate classified procedures to resolve those types of false alarms.

Encountering materials within the bag that have the same or similar densities to threat materials usually causes EDS nuisance alarms. Even with the improved algorithms incorporated by the manufacturers, TSA also may use ETDs as a first-step backup to resolve EDS alarms.

Accuracy aside, the most serious long-term concern for airports is where to put the EDS equipment, which many will temporarily lodge in their lobbies.

"These units are really designed for in-line use behind the check-in counter as part of the checked luggage distribution system. Installing them behind check-in counters, however, requires significant redesign and construction, not all of which are achievable in the next six months. So in some airports they will be installed in the lobby and people will put their bags in the scanner before they check in. But the ultimate desire is to do this in the background as part of the check-in process," Barry says.

"Each airport has its own idiosyncrasies in design and size, so what TSA is doing now is concentrating on key airports and how to deploy these this year for full inspection. The next step is determining how to further improve the system, which will involve moving most of these systems out of the lobbies and into the luggage handling area. Some airports are considering creating a separate baggage check-in area, where all bags would be collected in one place and then distributed to the airlines, but that would be both difficult and expensive."

While site assessments and infrastructure recommendations are part of the Boeing contract, some airports also are expected to bring in outside consultants, such as AMCG of Marlborough, Mass., with hopes not only of dealing with the installation question but also of helping find ways to improve overall efficiency.

"We can conduct an overall survey or focus on a specific operation. Then we provide a complete work plan that covers all the different operational solutions, which is not only technology. It also has to consider the airport's profit flow," says Ronen Hakimi, AMCG's chief executive officer. "We then integrate procedures and technologies into that profit flow, along with information systems that must support the process and the system. In many cases, we've looked at solutions to better utilize the technology.

"For example, if you have a million-dollar EDS machine and can improve its operation by 20 percent, you can save a lot of money," Hakimi says. "We look at how it will work in the future, then work backwards to determine how to approach it from the current situation to achieve that goal in the future. We actually balance between security, operational costs, and quality of service. Any solution we provide is always measured by those three dimensions."

Hakimi emphasizes that AMCG, which currently has no U.S. airport contracts but has done similar work in Israel, is an operations consultant, not a security consultant. Nonetheless, he does warn airports and TSA about focusing too heavily on only one dimension of the potential terrorist threat.

"If you are going to protect against explosives, in two years you will find the risk has moved to something else and you won't have space for the machine that checks for whatever that may be," Hakimi says. "So checking for explosives does not solve the whole problem; there are many other risks," he says. "Again, you have to think about both the best security solution as well as cost and service, both for the airport and the employees.

"The way to do it is to try to keep our eyes open for future possible vulnerabilities," Hakimi continues. "As we saw on Sept. 11, we are dealing with people who will do anything possible to harm us - and they have quick and imaginative minds in developing ways to do that."

Hakimi leans heavily on his company's experience in Israel, while acknowledging that the greater size and complexity of the U.S. air transport system makes the task more difficult. Even so, he sounds a theme similar to that of other airport security experts worldwide, even while supporting EDS as the right approach to take in the immediate future.

"EDS scans baggage, but somebody brought that baggage; it didn't appear by itself. The approach in Europe and Israel is to invest in looking at the passenger. That may sound like profiling and conflicts with the Constitution, but some form of passenger scanning is necessary to determine what process each individual should go through. The question is how to pass the obstacles that will enable us to focus on the real risks," he says.

"The first thing all airports must do is define clear lines between the airside and the landside, then verify that all perimeter fences and gates are protected. In some cases, we have found things it is better not to talk about publicly."

More in Communications