Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Biometrics in Airports'

Biometrics in Airports
How To, and How Not To, Stop Mahommed Atta and Friends

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 23 February 2003

© Xamax Consultancy Pty Ltd, 2002-03

This document is at

It is a companion paper to my other works on biometrics


The terrorists' strike on the World Trade Center was a shattering event, not only for those close to it in some way, but indeed for anyone who saw the images, and for anyone who had previously assumed that the public wasn't susceptible to warlike actions by renegade groups.

Understandably, measures have been sought that would provide various forms of protection against such actions. One of the measures that has been proposed, funded, and trialled is biometrics technology installed in airports, and intended to assist in keeping terrorists off aircraft.

This document is a quick, 'back of the envelope' analysis of the logic underlying those trials.

The Question

Biometrics technologies test some physical characteristic of a person, in order to determine either who they are, or whether they are who they claim to be.

Many biometrics technologies have been invented, and many of the inventions have failed to deliver and have disappeared. A current crop of products is in the marketplace, which depend on such physical characteristics as fingerprints, hand geometry, the appearance of the iris, voice-patterns, and facial appearance.

Could the installation in airports of any of these currently-available technologies help prevent actions like that of 11 September 2001?

The Answer

Suppose that a reliable biometrics-based system was in operation in the relevant airports that day. It would have worked in one of two ways.

It could have been designed to authenticate every person against some previous measurement of that person, in order to work out who they were. This would have required that they have been previously enrolled in the scheme. The population of travellers is very large, and the boundaries of the population are porous (e.g. it includes international travellers who have never been in the country before). This is therefore a horrendously difficult proposal, and currently completely impractical.

Alternatively, a system could have been designed to identify terrorists (or some broader class of people, including terrorists). It would have done that by taking a measure of each person who presented at security checkpoints, and comparing that measure against a database of measurements of people who were to be excluded from aircraft. This is challenging, because Osama bin Laden and people like him don't want to provide a sample, and because so little is known about them that acquiring a sample covertly is very difficult. But a comparison against the biometrics of the, say, 50 or 500 known problem-people could have some benefits.

The problem is that only 2 of the 19 terrorists who conducted the suicide missions that day could possibly have been on such a list. At least 17 of them, and arguably all 19, were legally in the United States, passed legally through airports, and were legally on the aircraft.

So the conclusion has to be that the people who have authorised the trials of biometrics systems in airports:

An Alternative Question

Rather than focussing on airports, a more general question would be "Could installation, anywhere, of any of these currently-available technologies help prevent actions like that of 11 September 2001?

The Answer

Possibly, because there are two potential applications within an aircraft.

One of those is a variant on the 'dead hand' in train-engines. The aircraft's controls could be programmed to respond only to pre-registered biometrics. This is a frightening prospect for all manner of practical reasons, and would need to be supplemented by some kind of over-ride facility, which would itself be a significant risk factor. There must be a better way.

It helps to focus on the point in time and space when the terrorists performed an act that was illegal (or even seriously suspicious). This may have been when they took a hostage; or when they, with or without a hostage, moved into the last metre before the cockpit door.

It is conceivable that biometrics could be used as part of a system that enables, or disables, the opening of a cockpit door. It would necessarily involve pre-registration of the flight crew and relevant attendants. It would need to be complemented by precautions against the use of the hand of a crew-member who is unconscious or under duress, together with some careful handling of such circumstances as a malfunctioning system that has locked all the pilots out of the cockpit. It does, however, represent the sole tenable application of biometrics to prevent the kind of terrorist action that destroyed the World Trade Center.

I am unaware of any proposals to trial, or even prototype, any such application. But maybe someone's working on it. I'd welcome that.

A Note on 'Legally in the United States'

It has been suggested that some of the terrorists may have entered the country using 'false identities'. It is unclear what that term means. If it means that there was an established identity, originally used by some other person, that they co-opted and used to gain entry to the country, i.e. if they committed a form of 'identity theft', then it could reasonably be claimed that those persons were not legally in the country.

Biometrics could, in principle, be applied to address the problem of identity theft. It would require that every person in the world be issued with a token that carried a measure of an appropriate biometric, and that every border crossing have equipment that would reliably measure the person and check the new measure against the recorded biometric. Moreover, the issue of the tokens would need to somehow authenticate the person's claim to whatever identity was to be recorded with the biometric; and enormous precautions would be needed to cope with lost, stolen, modified and forged tokens.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 1 February 2002 - Last Amended: 23 February 2003 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy