News story quoted by RAH:
WASHINGTON - The government on Friday ordered airlines to turn over
personal information about passengers who flew within the United States in
June in order to test a new system for identifying potential terrorists.
The interesting thing here is that they can't really test how effective the
system is until they have another terrorist event on an airline. Otherwise,
they can assess the false positive rate of their list (people who were on the
no-fly-list, shouldn't have flown according to the rules, but did without
trying to hijack the plane), and the false positive and false negative rate of
their search for names in the list (e.g., when it becomes obvious that Benjamin
Ladon from Peoria, IL would have matched, but wasn't the guy they were hoping
to nab, or when it becomes obvious that a suspected terrorist was in the data,
did fly, but wasn't caught by the software).
The system, dubbed Secure Flight, will compare passenger data with names
on two government watch lists, a no fly list comprised of people who are
known or suspected to be terrorists, and a list of people who require more
scrutiny before boarding planes.
Presumably a lot of the goal here is to stop hassling everyone with a last name
that starts with al or bin, stop hassling Teddy Kennedy getting on a plane,
etc., while still catching most of the people on their watchlists who fly under
their real name.
...
Currently, the federal government shares parts of the list with airlines,
which are responsible for making sure suspected terrorists don't get on
planes. People within the commercial aviation industry say the lists have
the names of more than 100,000 people on them.
This is a goofy number. If there were 100,000 likely terrorists walking the
streets, we'd have buildings and planes and bus stops and restaurants blowing
up every day of the week. I'll bet you're risking your career if you ever take
someone off the watchlist who isn't a congressman or a member of the Saudi
royal family, but that it costs you nothing to add someone to the list. In
fact, I'll bet there are people whose performance evaluations note how many
people they added to the watchlist. This is what often seems to make
watchlists useless--eventually, your list of threats has expanded to include
Elvis Presley and John Lennon, and at that point, you're spending almost all
your time keeping an eye on (or harassing) random harmless bozos.
R. A. Hettinga mailto: [EMAIL PROTECTED]
--John
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]