Serious question: if there is a 16 minute queue for "security", why wouldn't a potential terrorist just wheel up a carry on sized bomb and detonate it in the middle of the "security" line? Is this something that the TSA addresses (I assume not), or do they just ignore the possibility? All they've done is move the soft target further out.
That might have helped if they actually caught fluids in the carry on. In my experience (accidentally left bottles in carry-on several times; always found out myself after passing through security with no problems) they don't seem to do that.
It's inconsistent. I've had various things denied in carry-on (e.g. jar of jam, snow globe, etc). A TSA agent even told me that snow globes were not allowed even in checked luggage, which I found out later is false. I had to find some way to mail the snow globe to myself from the airport.
Setting aside the effectiveness arguments for the moment, the point of preventing weapons on aircraft is now less about 'a terrorist might blow up an aircraft' and more about 'a terrorist might hijack an aircraft and turn it into a gigantic missile'.
Obviously any place where there are large groups of people would be a target for attacks of this kind.
I think they're concern is not foremost for the safety of the passengers. The main concern is airplanes going into buildings. Of course, this is definitely an example of fighting the last war.
On a separate note, the TSA really pisses me off. Consider that UPS saves millions by not taking left turns. Removing or adding very small inefficiencies at a very large scale has tremendous cost implications. I don't think these security lines add much security and I think they do that task at a much higher cost than most people think.
IF you look at airport security, it is always about fighting the last war. The limitation on liquids comes a lone bomber bringing a liquid binary explosive onboard in the toiletry. the issue with shoes, again another bomber. matching luggage to passengers i believe is because of Lockerbie. And the list goes on and on.
If you're in a position to make these decisions, your career will be wrecked if an attack is repeated successfully, but you'll probably be just fine if a new attack gets through.
I agree that planes going into buildings is the major security concern, but we fixed it. We've reinforced the cockpit doors and we've taught passengers not to cooperate with hijackers (the latter we managed within hours of the first attack)
Plus panic buttons & guns in the cockpit, new procedures for aircraft leaving their scheduled route, and passenger's reaction to a hijacking (e.g. one "bad guy" with a switchblade is nothing against 300 people who fear NOT doing anything will endanger their lives).
Pilots have a panic button. It's called squawking code 7500. Alerts ATC that there is a hijacking situation (7700 is general emergency.) Guns in airplanes are a bad idea for, well, quite a few reasons.
> we've taught passengers not to cooperate with hijackers
Have we? Maybe US passengers have been taught that better than elsewhere, but we don't really know due to the lack of hijackings to test that theory.
And internationally, of about a dozen hijackings post 9/11 only two I think have seen the hijacker get subdued by passengers - in one instance probably because there happened to be six police officers aboard; in the other instance it was a lone hijacker with a nail file...
Incidentally, despite 9/11, the odds of surviving a plane hijacking are still very high - the persons running the highest risk of getting killed in a hijacking are the hijackers. As it happens, 9/11 did not result in a string of copycat hijackers - most hijackers appears to still plan to survive the hijacking.
While all of this helps, it's hard to say that it fixed the issue. As far as I'm aware, for US based flights, there have been a few bombing attempts, but no hijacking attempt since 9/11. It's hard to say if this is a result of these security measures, the TSA security, or just the fact that hijackings aren't that common.
...we've taught passengers not to cooperate with hijackers
Since I'm old, I remember the decades during which we were taught to cooperate completely with hijackers. Of course this was always bad advice, as was eventually made clear even to the idiots on TV. It seems possible that if no terrorism "expert" had ever appeared on TV, 9/11 could have gone very differently.
It's not like we didn't have airport security lines before the TSA. And with the new millimeter wave machines I'm not sure if they're appreciably slower than the old metal detector setup. The bottleneck was always putting your luggage through the X-ray, and we've had that for as long as I can remember.
I don't have the data to back it up, but from what I have personally seen, the bottleneck is now predominantly the body scanner, mostly because many airports are running a setup where they have two x-ray baggage detector lines feeding into one body scanner.
The bottleneck is definitely the xray scanners. I've never seen the line be held up by people waiting for millimeter wave machine. Also, if that line gets even a little long, the TSA agent will wave people through the metal detector real quick.
That said, things like taking your shoes off, taking your laptop out, removing belts, etc. really slow down the xray machine line.
To be fair my observations are solely based off n~= 20 flights through generally smaller airports, but I have seen extreme reluctance on the part of TSA staff to pass people through the metal detectors, especially during times like holidays. I do agree that the security theater surrounding the x-ray bag scanners is also a significant issue and might be the primary bottleneck at other airports or at different times.
When I was flying in continental USA on a weekly basis in 1998-99, security lines were seldom a problem. On more than one occasion, I parked my car in the DIA short-term lot (client was paying) 20 minutes before flight time. Gate agents would wag their fingers, and I'd be breathing hard when I got aboard, but I never missed a plane because of it. Also when I forgot to stash my pocketknife in my carry-on bag I just plunked it down in the change bucket with my keys and change. It really was easier and more enjoyable to fly back then...
If you think it was a joy to fly then, you should have seen it before the security measures adopted around the time of the 1990-1991 Gulf War and associated perception that Iraq would target US flights for terrorist attacks.
I think the key bottleneck increaser was the requirement to remove shoes and to remove more things (electronics & liquids) from luggage when being sent through the x-ray.
In Newark, past the TSA checkpoints, the Tel Aviv gate has its own secondary screening with barricades, wands & pat-downs for everyone. I suspect that is because of actual threats and a desire for real security.
-> ...why wouldn't a potential terrorist just wheel up a carry on sized bomb and detonate it in the middle of the "security" line?
I have no idea. To me, by far the most dangerous part of flying is the queue at the TSA checkpoints, especially at airports with particularly large checkpoints (I'm thinking EWR and probably ORD). I think some airports address this (SEA, MSP, JFK...maybe) by spreading out the checkpoints among smaller groups of gates to keep the volume of people at those checkpoints down. This is just my speculation, however.
I'd be curious to see how checkpoints have evolved over the last 14 years in terms of design and efficiency.
I imagine the reasoning goes somewhat to the effect of:
If a plane goes down, it's reasonable to expect that everyone on board will die. It's less reasonable to expect that the blast radius of a device that was sufficient to down an aircraft would be sufficient to encompass an equivalent number of people in the security line.
When it comes to designing airport safety, instilling the feeling of safety in travelers is a more important goal than actual safety. This is a sorta-open-secret.
We can sit around and come up with thousands of possible attacks scenarios with less than 1% of the security that goes into preventing airplane hijackings. But that doesn't really matter. Airport security is primarily a political item, both responding to political pressures and fears, while generating entirely new ones.
> When a device passes the sensors, its non-personal unique ID, called a MAC address, is recorded, encrypted and time-stamped. By re-identifying the device from multiple sensors, travel times, average speeds, dwell times and movement patterns become available.
Aren't MAC addresses spoofed on most phones now?! I didn't expect a system like that to still be usable.
As of last year iOS devices do randomize their MAC address when polling for nearby WiFi, specifically to foil this kind of tracking. Here's an interesting breakdown of what is actually happening: http://blog.airtightnetworks.com/ios8-mac-randomization-anal...
Huh, i guess they got a fire lit under their ass. After having their products found shouting to anyone nearby what previous networks the product had been in contact with, that is.
Nice link! From what it describes, I don't think this will be too much of a problem for a tracking system like this. The randomized MAC is only changed when the phone is put to sleep for at least 120 seconds. It stays constant while sleeping, or while active. So if you're on your phone from start to finish (as a lot of people do) or if you leave it in your pocket from start to finish, you'll be tracked fine. Only if you use your phone, put it to sleep, and leave it asleep for at least two minutes all while in the line will you defeat this. And while that's certainly something people will do, plenty of people won't, so the tracking can use those.
This all sounds pretty good to me. Short-term tracking like this is useful and not very invasive. The randomization will still defeat long-term invasive tracking, like a store recognizing you from past visits and building up a database of your individual activity from that.
Yep. It sure is. Know how spammers that don't run afoul of the CAN-SPAM act get really salty when you call their spam spam? The is the same sort of wordsmithing. By arguing that this identifiable information doesn't fall into the the "personal" bucket, they want the public to think what they're doing is A-OK.
They use weasel language to suggest following a standard of what "personal" data is means everything on the "not-personal" side is perfectly normal operation the consumer doesn't have to worry about. All while trying to derive as much personal information as possible from the not-technically-personal data.
That definitely goes against my hacker instincts where if I can automate a daily task with the amount of time that it would take me to do it in a few days, I go ahead and automate it.
Yep, I think the same way. I always prefer to spend a lot of time upfront on something and automate it instead of doing it over and over later. I try to avoid repetitive tasks as much as I possibly can.
Yeah, I'm not sure the signs will help people, it's kind of out of their hands - but I like the idea of airport staff being able to spot bottlenecks more easily and shift resources where they can.
Presumably the TSA managers will be rated based on their wait times, and therefore accountable when they're too lazy to staff the right number of people.
Last week I almost missed my flight at Oakland because they had everyone funneled through a single scanner. Two scanners were idle because they were "short staffed". That's not an accident or bad luck. That just means the manager was too lazy to do their job correctly.
I wouldn't call the manager lazy. It's more of lacking clear information that they need to make properly informed staffing decisions. I bet they have incentives tied to cost more than wait time. Instead of optimizing for cost and a gut feeling of need to meet a certain service threshold they can now use this data to predict capacity needs more accurately. Hopefully incentives are correctly set so they don't just ignore these new numbers.
My worst airline-related example of this involved a flight from Paris to Philadelphia. It was scheduled to arrive around 4PM. However, the departure was delayed about four hours because the plane was late getting in to Paris, which in turn happened because the plane had mechanical trouble in Philadelphia.
There were a lot of people on this flight who were connecting on to other cities. We landed just barely in time to catch the last flight of the day to many of those cities, but most people had to be rebooked since that wasn't their original flight.
So we get off the plane and about two hundred of us need to be rebooked, and we get to the counter to discover a grand total of three people working there. To process two hundred people. Who all needed fast service. For a problem that anyone could have seen coming literally a day in advance.
A lot of people unnecessarily spent their nights in hotels rather than with their families that night, because nobody looked at what was going on and said, we should bring in some more people for this.
But yes, I'm sure it's all about bad incentives. Whoever takes the hit for overtime staffing doesn't also take a hit for hotel vouchers, even though it probably would have been cheaper overall for the airline to staff up and get people on their flights. (Not to mention the benefit of pleasing your customers.)
In Austin's airport there are several security lines that you can choose from. Each line shows its average wait time as well as the average wait time for the other lines. It's helpful to be able to see that the lines closest to you is 20 minutes but the line just down the terminal is only 5 minutes.
Sort of at the front of the security line. Right before you get to the area where you load up the conveyor belt. It is visible from the back of the line.
Same in Atlanta. Also, if the main security is backed up and the other security areas are faster, there will actually be an employee directing passengers to the faster one.
> With this data, JFK is able to display accurate wait times to reduce passenger frustration and to notify staffing if areas in the terminal are becoming congested, so staff can identify and rectify bottlenecks before they escalate.
Reminds me of the story about baggage claim at Houston's airport. They kept getting lots of complaints about how long it took for people to wait for their bags after getting off their flights. To fix this they moved the claim area further away from the gate, it took people longer to get there but the same amount of time for the bags to reach the claims area. Complaints went way down.
An indefinite wait is about a million times more frustrating than a wait of known length, by its very nature. So long as the number is reasonably accurate, it's a much nicer experience.
It's extremely practical, too. There is a lot you can do based on that number. For security, if the wait is extremely long and your flight is soon, you can try to plead your case to the security people. They'll often let you jump the line if your flight is departing soon, so yes, you can actually say "I guess I'll hurry." The information is available even if you're not in line, so you can plan accordingly.
For customs, you can't do much about your own situation, but you can tell people who are waiting for you how much longer you expect to be.
Showing people information like this removes uncertainty and makes them feel more calm and in control, even if they can't necessarily act on the information immediately. It promotes the idea that the airport believes that user time is valuable, that the airport cares about performance, and that they are trying to optimize processes when possible and provide useful information. This contrasts strongly with the attitude that one normally associates with airports, which is that the entire travel process is insanely uncertain and no one working there gives a shit about you. This improves both passenger and staff morale (as staff are the obvious targets of undirected passenger anger and frustration) and makes the process feel more seamless.
There's also some psychological tricks you can play with the time estimates. When it takes less time than was estimated people don't mind the wait as much and can come out way happier. Disney is one of the kings of these kinds of tricks in their parks it's really interesting.
I wonder how long before they can do the same with cameras? A bit of computer vision and you have more complete data... Not sure if there is still need for better completeness though.
Should be quite easy to implement, actually. Some stores have this kind of technology to track traffic. I think the problem is installing the cameras and the software, but that's trivial for an airport.
Awesome, this kind of technology should be used in ALL waiting lines. I read that the average person spends months of their lives just waiting in lines. This is ridiculous and should be fixed. Every store should have an average waiting time and they should try to minimize it.
When a device passes the beacons, its non-personal unique ID—called a MAC address—is recorded, encrypted and time-stamped.
Blip, you make me laugh. You know this will raise privacy concerns and say the sweet nothings that placate the general public, but inspire no confidence in people who know what those words mean.
I'm not here to say that as a JFK traveler I'm unhappy with the privacy considerations. I just want to point out you're pretending your design is good on privacy when simple tweaks would show the security minded you gave half a shit. I don't mind this monitoring if it is limited to the uses described, your maneuvering simply makes me giggle.
A MAC may not be in whatever bucket you're calling "personal" but is certainly more personal than "non-personal" implies. Encryption is effectively a "we're doing it right" buzzword to the general public. What are your authorized uses for the data? What's your KMI? What data minimization techniques are employed? Do you purge old records? Replace the MAC with an identifier that can't be tied back to MAC once the target has left the line? Hash MACs on entry in a way that is both time-costly to bruteforce and results in a different hash every day?
"supposed to be", but not really. There are no measures to prevent MAC collision other than a manufacturer assurance they won't duplicate the addresses.
Yeah that same line made me laugh a bit as well. "Your non-identifying, SUPER personal, burned onto your phones hardware, is never going to change Mac Address is recorded as you walk by."
I think the idea is a great one, it's unfortunate there isn't a better way (that I can think of atm) to do it, or like you said just some transparency on what they do with it. As simple as: "At the end of each day the encrypted mac addresses are completely erased from our system."
Seems like they do keep the info though, it says the Cincinnati airport kept it and used it for data analysis. In the end, I think this kind of thing most people will be okay with foregoing a bit of privacy for.
I work in the traffic industry and over the last 8 years I have seen the rise of WIFI and Bluetooth journey time monitoring kit and after looking at every solution, I have found that the method of "encrypting" the data has always been just a MD5 hash, or SHA if you are lucky. With with result Hash just been http'ed over to a server on the internet. This usually leads to to question, "OK, so I can just hash the victims MAC address and the look for that in the data stream to find out where the person is insteadvof just using the MAC directly?"
I work in the traffic industry and over the last 8 years I have seen the rise of WIFI and Bluetooth journey time monitoring kit and after looking at every solution, I have found that the method of "encrypting" the data has always been just a MD5 hash, or SHA if you are lucky. With with result Hash just been http'ed over to a server on the internet. This usually leads to to question, "OK, so I can just hash the victims MAC address and the look for that in the data stream to find out where the person is instead of just using the MAC directly?" The same is done for ANPR based systems. The word "encrypted" seems to be added to some how make it secure without the solution being secure.
I was under the impression that iOS devices now use a random MAC address when searching for WiFi access points - so although you could still make estimates, at least based on people not using iPhones, wouldn't this alleviate the privacy issues?
I understand the concern, but isn't your face effectively just as personally identifiable, recorded in far more locations, and arguably much more personal because it can't be easily replaced/changed?
That doesn't make either situation okay for privacy-conscious people like you and I, but I personally feel like MAC address tracking is a relatively minor concern when it comes to privacy.
Another simple thing that could be done to increase efficiency is have notices upstream in the security line instructing people to remove their shoes / belts and store their personal items like phones before they get to the conveyor belt used to feed items into the x-ray baggage scanner (assuming this is still a relevant bottleneck). A lot of time is needlessly wasted by people who start this process when they first hit the front of the security line.
I'm not going to take my shoes of in a common area until I absolutely have to. I think it's a stupid law anyway, and my not disrobing early is a form of protest at the indignity.
Nitpick: these are not "beacons", they are "sensors". The product page linked from the article doesn't even contain word "beacon". Beacons are unidirectional. But, beacons are hot right now, which presumably the author sought to capitalize on.
I am just curious. Wouldn't it be more easier to do this with specific devices than using the phones?
Each passenger can be given a smart card along with the boarding pass (or embedded in the boarding pass). The sensors could merely check for the smart card at certain points and determine how long it took for the passenger to clear security, etc. The airline can then collect the smart card back just before boarding when they scan the boarding pass. Seems like a simple solution that would work without much privacy concerns.
I've seen this done in airports before, only using a plain laminated card that you carry through the line - the low-tech solution. The card was used by the TSA to internally track wait times
Disneyland in Anaheim still does. They use it to update the wait time signs at the entrance to each ride and, just recently, their official wait time mobile app.
London Luton was displaying similar wait times when I traveled through it last week, and I was wondering how they did it. I thought they might be doing some kind of face recognition using the cameras at entry/exit to the hall.
They will only spend enough money on staffing, to keep customer frustration just below the boiling point. You see that in every industry, not just at the airport. Although in industries with little or no competition (I'm looking at you, USPS), I would say have even less incentive to care about customer satisfaction.
One of the photos shows the system in use at the DHS immigration line. Aren't there notices all over this place telling travelers that cellphone use is strictly prohibited before passing the checkpoint? It seems strange that the airport relies on people breaking the law to provide better service...
Good. I suspect that many people aren't aware that most smartphones in common/default configurations leak a unique identifier that can be passively sensed and monitored. Products like this will help raise awareness as to how privacy invasive simple consumer devices have become.
101 comments
[ 3.2 ms ] story [ 152 ms ] threadObviously any place where there are large groups of people would be a target for attacks of this kind.
On a separate note, the TSA really pisses me off. Consider that UPS saves millions by not taking left turns. Removing or adding very small inefficiencies at a very large scale has tremendous cost implications. I don't think these security lines add much security and I think they do that task at a much higher cost than most people think.
Have we? Maybe US passengers have been taught that better than elsewhere, but we don't really know due to the lack of hijackings to test that theory.
And internationally, of about a dozen hijackings post 9/11 only two I think have seen the hijacker get subdued by passengers - in one instance probably because there happened to be six police officers aboard; in the other instance it was a lone hijacker with a nail file...
Incidentally, despite 9/11, the odds of surviving a plane hijacking are still very high - the persons running the highest risk of getting killed in a hijacking are the hijackers. As it happens, 9/11 did not result in a string of copycat hijackers - most hijackers appears to still plan to survive the hijacking.
Since I'm old, I remember the decades during which we were taught to cooperate completely with hijackers. Of course this was always bad advice, as was eventually made clear even to the idiots on TV. It seems possible that if no terrorism "expert" had ever appeared on TV, 9/11 could have gone very differently.
That said, things like taking your shoes off, taking your laptop out, removing belts, etc. really slow down the xray machine line.
I assume that's to prevent targeting concentrations of foreign tourists.
I have no idea. To me, by far the most dangerous part of flying is the queue at the TSA checkpoints, especially at airports with particularly large checkpoints (I'm thinking EWR and probably ORD). I think some airports address this (SEA, MSP, JFK...maybe) by spreading out the checkpoints among smaller groups of gates to keep the volume of people at those checkpoints down. This is just my speculation, however.
I'd be curious to see how checkpoints have evolved over the last 14 years in terms of design and efficiency.
If a plane goes down, it's reasonable to expect that everyone on board will die. It's less reasonable to expect that the blast radius of a device that was sufficient to down an aircraft would be sufficient to encompass an equivalent number of people in the security line.
We can sit around and come up with thousands of possible attacks scenarios with less than 1% of the security that goes into preventing airplane hijackings. But that doesn't really matter. Airport security is primarily a political item, both responding to political pressures and fears, while generating entirely new ones.
> When a device passes the sensors, its non-personal unique ID, called a MAC address, is recorded, encrypted and time-stamped. By re-identifying the device from multiple sensors, travel times, average speeds, dwell times and movement patterns become available.
Aren't MAC addresses spoofed on most phones now?! I didn't expect a system like that to still be usable.
As for spoofed on phones, maybe if you have root. But i doubt it comes spoofed out of the box (at least i have never heard of such a thing).
This all sounds pretty good to me. Short-term tracking like this is useful and not very invasive. The randomization will still defeat long-term invasive tracking, like a store recognizing you from past visits and building up a database of your individual activity from that.
And of course you would only need a sample of passengers with static MACs for this to work.
Isn't that quite contradictionary?
Yep. It sure is. Know how spammers that don't run afoul of the CAN-SPAM act get really salty when you call their spam spam? The is the same sort of wordsmithing. By arguing that this identifiable information doesn't fall into the the "personal" bucket, they want the public to think what they're doing is A-OK.
They use weasel language to suggest following a standard of what "personal" data is means everything on the "not-personal" side is perfectly normal operation the consumer doesn't have to worry about. All while trying to derive as much personal information as possible from the not-technically-personal data.
"It's 30 minutes, my kid has time to go buy a snack and eat it before we go through security."
"No, don't use the bathroom yet, the line looks long but it's only a 5 minute wait."
"I really hate airports, but it's a little less frustrating when I can see the wait time."
"The taxi line is 20 minutes long, maybe it's worth taking the subway instead."
etc.
Presumably the TSA managers will be rated based on their wait times, and therefore accountable when they're too lazy to staff the right number of people.
Last week I almost missed my flight at Oakland because they had everyone funneled through a single scanner. Two scanners were idle because they were "short staffed". That's not an accident or bad luck. That just means the manager was too lazy to do their job correctly.
There were a lot of people on this flight who were connecting on to other cities. We landed just barely in time to catch the last flight of the day to many of those cities, but most people had to be rebooked since that wasn't their original flight.
So we get off the plane and about two hundred of us need to be rebooked, and we get to the counter to discover a grand total of three people working there. To process two hundred people. Who all needed fast service. For a problem that anyone could have seen coming literally a day in advance.
A lot of people unnecessarily spent their nights in hotels rather than with their families that night, because nobody looked at what was going on and said, we should bring in some more people for this.
But yes, I'm sure it's all about bad incentives. Whoever takes the hit for overtime staffing doesn't also take a hit for hotel vouchers, even though it probably would have been cheaper overall for the airline to staff up and get people on their flights. (Not to mention the benefit of pleasing your customers.)
Follow the money, and all becomes clear.
Removing uncertainty provides for a better end user experience
> With this data, JFK is able to display accurate wait times to reduce passenger frustration and to notify staffing if areas in the terminal are becoming congested, so staff can identify and rectify bottlenecks before they escalate.
If you're confused about the first part, there is research that shows waiting for an unknown amount of time causes more anxiety than if the wait time is known. See e.g. http://davidmaister.com/articles/the-psychology-of-waiting-l...
https://www.nytimes.com/2012/08/19/opinion/sunday/why-waitin...
It's extremely practical, too. There is a lot you can do based on that number. For security, if the wait is extremely long and your flight is soon, you can try to plead your case to the security people. They'll often let you jump the line if your flight is departing soon, so yes, you can actually say "I guess I'll hurry." The information is available even if you're not in line, so you can plan accordingly.
For customs, you can't do much about your own situation, but you can tell people who are waiting for you how much longer you expect to be.
http://articles.latimes.com/2003/sep/29/nation/na-facescan29
Read the article, was disappointed. It's still interesting tech though.
Blip, you make me laugh. You know this will raise privacy concerns and say the sweet nothings that placate the general public, but inspire no confidence in people who know what those words mean.
I'm not here to say that as a JFK traveler I'm unhappy with the privacy considerations. I just want to point out you're pretending your design is good on privacy when simple tweaks would show the security minded you gave half a shit. I don't mind this monitoring if it is limited to the uses described, your maneuvering simply makes me giggle.
A MAC may not be in whatever bucket you're calling "personal" but is certainly more personal than "non-personal" implies. Encryption is effectively a "we're doing it right" buzzword to the general public. What are your authorized uses for the data? What's your KMI? What data minimization techniques are employed? Do you purge old records? Replace the MAC with an identifier that can't be tied back to MAC once the target has left the line? Hash MACs on entry in a way that is both time-costly to bruteforce and results in a different hash every day?
I think the idea is a great one, it's unfortunate there isn't a better way (that I can think of atm) to do it, or like you said just some transparency on what they do with it. As simple as: "At the end of each day the encrypted mac addresses are completely erased from our system."
Seems like they do keep the info though, it says the Cincinnati airport kept it and used it for data analysis. In the end, I think this kind of thing most people will be okay with foregoing a bit of privacy for.
Edit: Interesting article on mobile MAC addresses down the comments: https://news.ycombinator.com/item?id=10097882#up_10098108
> The BlipTrack solution ... detects Bluetooth or Wi-Fi devices in “discoverable” mode
That doesn't make either situation okay for privacy-conscious people like you and I, but I personally feel like MAC address tracking is a relatively minor concern when it comes to privacy.
Each passenger can be given a smart card along with the boarding pass (or embedded in the boarding pass). The sensors could merely check for the smart card at certain points and determine how long it took for the passenger to clear security, etc. The airline can then collect the smart card back just before boarding when they scan the boarding pass. Seems like a simple solution that would work without much privacy concerns.
You know, fight the cause rather than the symptom :-)