News story quoted by RAH:

>WASHINGTON -  The government on Friday ordered airlines to turn over
>personal information about passengers who flew within the United States in
>June in order to test a new system for identifying potential terrorists.

The interesting thing here is that they can't really test how effective the 
system is until they have another terrorist event on an airline.  Otherwise, 
they can assess the false positive rate of their list (people who were on the 
no-fly-list, shouldn't have flown according to the rules, but did without 
trying to hijack the plane), and the false positive and false negative rate of 
their search for names in the list (e.g., when it becomes obvious that Benjamin 
Ladon from Peoria, IL would have matched, but wasn't the guy they were hoping 
to nab, or when it becomes obvious that a suspected terrorist was in the data, 
did fly, but wasn't caught by the software).  

> The system, dubbed "Secure Flight," will compare passenger data with names
>on two government watch lists, a "no fly" list comprised of people who are
>known or suspected to be terrorists, and a list of people who require more
>scrutiny before boarding planes.

Presumably a lot of the goal here is to stop hassling everyone with a last name 
that starts with al or bin, stop hassling Teddy Kennedy getting on a plane, 
etc., while still catching most of the people on their watchlists who fly under 
their real name.  

> Currently, the federal government shares parts of the list with airlines,
>which are responsible for making sure suspected terrorists don't get on
>planes. People within the commercial aviation industry say the lists have
>the names of more than 100,000 people on them.

This is a goofy number.  If there were 100,000 likely terrorists walking the 
streets, we'd have buildings and planes and bus stops and restaurants blowing 
up every day of the week.  I'll bet you're risking your career if you ever take 
someone off the watchlist who isn't a congressman or a member of the Saudi 
royal family, but that it costs you nothing to add someone to the list.  In 
fact, I'll bet there are people whose performance evaluations note how many 
people they added to the watchlist.  This is what often seems to make 
watchlists useless--eventually, your list of threats has expanded to include 
Elvis Presley and John Lennon, and at that point, you're spending almost all 
your time keeping an eye on (or harassing) random harmless bozos.  

>R. A. Hettinga <mailto: [EMAIL PROTECTED]>


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to