Re: Gov't Orders Air Passenger Data for Test

2004-11-22 Thread John Gilmore
 ... they can't really test how effective the system is ...

Effective at what?  Preventing people from traveling?

The whole exercise ignores the question of whether the Executive Branch
has the power to make a list of citizens (or lawfully admitted non-citizens)
and refuse those people their constitutional right to travel in the United

Doesn't matter whether there's 1, 19, 20,000, or 100,000 people on the
list.  The problem is the same: No court has judged these people.
They have not been convicted of any crime.  They have not been
arrested.  There is no warrant out for them.  They all have civil
rights.  When they walk into an airport, there is nothing in how they
look that gives reason to suspect them.  They have every right to
travel throughout this country.  They have every right to refuse a
government demand that they identify themselves.

So why are armed goons keeping them off airplanes, trains, buses, and
ships?  Because the US constitution is like the USSR constitution --
nicely written, but unenforced?  Because the public is too afraid of
the government, or the terrorists, or Emmanuel Goldstein, or the
boogie-man, to assert the rights their ancestors died to protect?

John (under regional arrest) Gilmore

PS: Oral argument in Gilmore v. Ashcroft will be coming up in the
Ninth Circuit this winter.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Gov't Orders Air Passenger Data for Test

2004-11-21 Thread John Kelsey
News story quoted by RAH:

WASHINGTON -  The government on Friday ordered airlines to turn over
personal information about passengers who flew within the United States in
June in order to test a new system for identifying potential terrorists.

The interesting thing here is that they can't really test how effective the 
system is until they have another terrorist event on an airline.  Otherwise, 
they can assess the false positive rate of their list (people who were on the 
no-fly-list, shouldn't have flown according to the rules, but did without 
trying to hijack the plane), and the false positive and false negative rate of 
their search for names in the list (e.g., when it becomes obvious that Benjamin 
Ladon from Peoria, IL would have matched, but wasn't the guy they were hoping 
to nab, or when it becomes obvious that a suspected terrorist was in the data, 
did fly, but wasn't caught by the software).  

 The system, dubbed Secure Flight, will compare passenger data with names
on two government watch lists, a no fly list comprised of people who are
known or suspected to be terrorists, and a list of people who require more
scrutiny before boarding planes.

Presumably a lot of the goal here is to stop hassling everyone with a last name 
that starts with al or bin, stop hassling Teddy Kennedy getting on a plane, 
etc., while still catching most of the people on their watchlists who fly under 
their real name.  

 Currently, the federal government shares parts of the list with airlines,
which are responsible for making sure suspected terrorists don't get on
planes. People within the commercial aviation industry say the lists have
the names of more than 100,000 people on them.

This is a goofy number.  If there were 100,000 likely terrorists walking the 
streets, we'd have buildings and planes and bus stops and restaurants blowing 
up every day of the week.  I'll bet you're risking your career if you ever take 
someone off the watchlist who isn't a congressman or a member of the Saudi 
royal family, but that it costs you nothing to add someone to the list.  In 
fact, I'll bet there are people whose performance evaluations note how many 
people they added to the watchlist.  This is what often seems to make 
watchlists useless--eventually, your list of threats has expanded to include 
Elvis Presley and John Lennon, and at that point, you're spending almost all 
your time keeping an eye on (or harassing) random harmless bozos.  

R. A. Hettinga mailto: [EMAIL PROTECTED]


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]