TSA approves four products for airport screening
Strict requirements may have limited the number of submissions
- By Patrick Marshall
- Sep 20, 2007
Three years after being directed to establish a 'qualified products list' for airport screening programs, the Transportation Security Administration has named the first products to qualify.
Of seven products that vendors submitted for testing, four were approved for the list. Two of them ' Bioscrypt's V-Station and Cogent Systems' ID-Gate ' combine keypads, fingerprint scanners and smart-card scanners. Two fingerprint sensors from Lumidigm also won approval.
Rick Lazarick, chief scientist at Computer Sciences Corp.'s Identity Labs and a consultant to TSA, said the testing was run directly by TSA, although it was performed by International Biometric Group, a private company based in New York and London.
'The testing itself was limited to indoor, controlled' scenarios, Lazarick told attendees at the Biometric Consortium Conference in Baltimore Sept. 11. 'The manufacturer set up the equipment and established the threshold that they wanted to meet.'
The test involved a crew of 250 volunteer subjects. Guidelines set by TSA required successful products to deliver results with false-acceptance rates and false-rejection rates of less than 1 percent. The transaction time had to be less than 6 seconds.
Lazarick said TSA funded only the preparation of laboratories to make sure they were ready to accept the devices. Manufacturers were required to pay a fee of $25,000. 'That fee-for-service model will go into the future,' Lazarick said.
Just as noteworthy as the first devices to earn placement on the list, however, is the relative lack of vendor participation. Of the dozens of biometric vendors in the marketplace, only a handful participated in the initial round of TSA testing.
One reason for the limited participation in this first round of testing may have been self-selection by the vendors. The requirements for products were spelled out in detail in a 140-page 'Guidance Package: Biometrics for Airport Access Control,' and some vendors may have decided that their products or technologies could not meet the requirements.
In addition to meeting certain requirements for recognition accuracy, for example, the guidelines specified that devices 'should yield at least a 99.86 percent operational availability rate' and that cumulative downtime per unit during operational duty hours for all maintenance should not exceed 10 duty hours annually, assuming a 20-hour duty day for 365 days each year.
'It's obvious that an airport is not a sterile environment,' said Amy Kudwa, a TSA spokeswoman. 'We're talking about machines that need to process several thousand people a day. We oftentimes run 24 hours a day. Even for the airports that do close at night, we're talking about 18 hours a day. Can it actually function in a nonsterile environment? Is it something that you have to take down for maintenance twice a week? These are the kinds of operational constraints that we have to take a look at for the very specific requirements we have in an airport setting.'
Kudwa said vendors might back off when they see the specific requirements. 'You're going to see plenty of marketing brochures and people talk about how they have the silver bullet technology security solution,' she said. But when the rubber hits the road and they have to deliver specific capabilities with specific requirements for uptime, many vendors suddenly disappear.
However, at least one vendor said there may be other reasons for the low rate of vendor participation.
'I'm not sure what TSA's looking for,' said Roger Kelesoglu, senior business development executive at Cognitec Systems. 'Nobody contacted us. If TSA's interested in technology, they should follow the technology media.'
Kelesoglu added that vendors are often deterred from participation not so much by client requirements as by the request for proposals process that is standard in government agencies.
'In America, the RFPs that come out are sometimes laughable,' he said. '[Agencies] cut and paste from consultants, and often the requirements that they put in RFPs contradict each other.'
Patrick Marshall is a freelance technology writer for GCN.