News story quoted by RAH: >WASHINGTON - The government on Friday ordered airlines to turn over >personal information about passengers who flew within the United States in >June in order to test a new system for identifying potential terrorists.
The interesting thing here is that they can't really test how effective the system is until they have another terrorist event on an airline. Otherwise, they can assess the false positive rate of their list (people who were on the no-fly-list, shouldn't have flown according to the rules, but did without trying to hijack the plane), and the false positive and false negative rate of their search for names in the list (e.g., when it becomes obvious that Benjamin Ladon from Peoria, IL would have matched, but wasn't the guy they were hoping to nab, or when it becomes obvious that a suspected terrorist was in the data, did fly, but wasn't caught by the software). > The system, dubbed "Secure Flight," will compare passenger data with names >on two government watch lists, a "no fly" list comprised of people who are >known or suspected to be terrorists, and a list of people who require more >scrutiny before boarding planes. Presumably a lot of the goal here is to stop hassling everyone with a last name that starts with al or bin, stop hassling Teddy Kennedy getting on a plane, etc., while still catching most of the people on their watchlists who fly under their real name. ... > Currently, the federal government shares parts of the list with airlines, >which are responsible for making sure suspected terrorists don't get on >planes. People within the commercial aviation industry say the lists have >the names of more than 100,000 people on them. This is a goofy number. If there were 100,000 likely terrorists walking the streets, we'd have buildings and planes and bus stops and restaurants blowing up every day of the week. I'll bet you're risking your career if you ever take someone off the watchlist who isn't a congressman or a member of the Saudi royal family, but that it costs you nothing to add someone to the list. In fact, I'll bet there are people whose performance evaluations note how many people they added to the watchlist. This is what often seems to make watchlists useless--eventually, your list of threats has expanded to include Elvis Presley and John Lennon, and at that point, you're spending almost all your time keeping an eye on (or harassing) random harmless bozos. >R. A. Hettinga <mailto: [EMAIL PROTECTED]> --John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
