Slashdot Mirror
False Positives, Few Matches Plague 'No-Fly' List
lindner writes "According to a recent article in the San Francisco Chronicle, the United States No-Fly List uses a soundex algorithm to match names. Designed 'to quickly summon passenger names or to catch deal-hunting passengers making duplicate bookings.' The system has only managed to rack up a slew of false-positives, including everyone matching soundex ("J. Adams") at one point in time. The problem has gotten so bad that there is now a "Fly List" for chronically misidentified passengers."
That algorithm is so fundamentally broken as to be practically useless for anything but as an aid in simple searches. Why anyone would use soundex in a mission critical application designed to positively identify individuals is beyond me. What, was the 'No Fly' database written by 1st year comp sci major or something? Sheesh.
My journal has hot
This also happened when Cowboy Neal was mistakenly identified as Kh'alid bin Naoul.
I understand that the airline industry is a little tight right now, but that's just insane.
Unfortunately, the officials implementing a system such as this are going to get crucified either way. If they let a known terrorist onto a plane and a terrorist act happens, their heads are going to roll. Every journalist will be screaming that, "this terrorist has been on the FBI watch list for 2 years, a simple misspelling of his name allowed him to foil the multi-million dolar no fly system".
On the other hand, false positives are going to make the system useless as the boy who cried wolf one too many times found out. There doesn't seem to be an easy solution to this problem.
The more you know, the less you understand.
Do they stop using the technology? Do they update it? Do they decide to keep using it, what the heck? Do the innocents rebel?
Tune in next time to "Lets listen in!"
"The most looniest, zaniest, spontaneous, sporadic Impulsive thinker, compulsive drinker, addict"
It should be obvious to anyone that any mechanism designed to target a small group out of a large group will would have to have an extremely small false positive rate to be of any use.
And the false negative rate had better be small, too.
Something 99% accurate is far from good enough; if only 0.01% of possible individuals are actual targets, you'll be getting 100 times as many false positives as correct positives.
So when did the RIAA start running the airlines?
Will I use my alias name which is Alain Williams, or will I use my real name which is Osama Bin Laden the next time that I book a flight to the USA ?
The trouble with this sort of thing is that it inconveniences Joe Public while doing little to deter a real terrorist.
The same yahoos who came up with the no-fly program will be in charge of future lists, such as those for traffic stops, and lists that flag people for enhanced surveillence under tia-like programs.
I wonder if there is a higher incidence of wiretapping done on homes that have residents named "J. Adams."
The coolest voice ever.
Here's a good run down on soundex and ten problems with it.
www.bannination.com Two things float to the top he
The metaphone algorithm addresses many of the shortcomings of soundex... why are they not using it?
Soundex gives each name a key using its first letter and dropping the vowels and giving number codes to similar-sounding vowels (like "S" and "C"). The system gives the same code, L350, for "Laden" and all similar-sounding names: Lydon, Lawton, and Leedham.
Boy, I'd hate to be a guy with a name like "Sam Lawton" or something. I wonder how many similarly-named middle-aged salesmen are getting red-flagged on flights... because you just never know, what if Osama Bin Laden disguised as a portly white guy from Milwaukee, and he never bothered to pick a false name that sounded sufficiently different from the original.
what's wrong with passengers hunting for the best deal?
Story: to catch deal-hunting passengers making duplicate bookings.
This means that people were using different travel agencies to reserve lots of seats on the same flight, and then simply going with the agency who quoted the lowest price. This means that the seats end up being empty, and the rest of us end up paying for them. Sorry, but even the "rich elite" can no longer make duplicate reservations. Almost all airlines now use software to automatically cancel duplicate bookings.
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
This is unbelievable. Why reinvent the wheel, while there are at least 3 countries that have implemented similar restrictions and tracking systems succesfully for more than 10 years now (England, Israel, and Germany - that I know of).
This sounds like the work of some consultants with no idea of what they are faced with and fresh out of collage where they have analyzed a couple of algorithms... sorry - I have had way too much of these running around the office lately
If for once someone would just poke his head out and instead of trying to find a solution to an age old problem, look and see how others are handling it, we (taxpayers) would all be much more content (and safe...).
Just my 2c.
The situation is really bad if you are named David Nelson. Here is a sad but true story about no fly lists and the very common name, David Nelson. There was also a followup story to this one but I am unable to find a link.
But, you feel safe. Don't you?
...Hugginkiss is catching all kinds of grief.
Comment removed based on user account deletion
I guess all US people would screem for such a "threat to your privacy" ;)
But at least in here in sweden basically anytime you book a flight you give your ID number (similar to a social security #)
Two benefits:
1. Name is just a courtesy, so doesnt really matter for security if somebody get my name wrong.
2. On checkin, it must be _you_ not somebody with a similar name
Of course IDs can be stolen or forged, but that is a problem regardles of how you ID your self.
Your point is very valid if there is a reasonable and rational discussion of the tradeoff's - You know kind of Type I and Type II errors. But the Bushies don't believe in that. Goebellian Ashcroft said that they are willing to use every legal tool available to them to achieve their goals - even if it means ignoring the spirit of the law, and reinterpreting the letters of the law to do whatever they want.
The willingness, in fact eagerness, to overlook collatoral damage is the Hallmark of the Bush Administration. They have rammed policies that wouldn't pass muster support anywhere. It is almost as if they are willing to kill 9 innocent people to prevent the 10th guilty one from escaping.
This mentality shows up in the No Fly list. It shows up in how the Arab immigrants were rounded up, and are now being deported by the thousands. It shows up in how to get to the Saddam "WMD's" they were willing to slaughter Iraqi's. Two or 3 Sept 11 bombers entered with Student visa's so everyone on that visa now gets grandly screwed.
So, logic applies only when the hysteria subsides. If you want you can never let the hysteria subside. And Donald Rumsfeld is a genius - almost lunatic - in that. Like he said in almost poetic form, on Feb. 12, 2002, Department of Defense news briefing, (which means that he could use the concept described in his "poem" below prove anything that he wants - it is almost like dividing by Zero.)
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
quote from the article: Scheduled for deployment in Spring 2004, CAPPS II will require airline ticket buyers to give more identifying information -- full name, birth date, home phone number and address. This information will be run against private credit-rating and government watch list databases to "verify you are who you say you are," Rosenker said
.] Now they're going to be checking that every time I fly?
What in the hell? I was under the impression that having a credit check actually hurts your credit history [as in, you shouldn't have too many credit checks in
I always hated flying, now I'm starting to hate air lines...
--- d'oh
You US folks could really do with a constitution to stop this sort of crap happening. Oh wait, you do have one. Oh well, back to the drawing board. Land of the free indeed.
I think the idea behind this scheme is not to catch terrorists, or even deter them. But to keep the public under a false sense of security, thinking "hell, if they are searching a lot of people, they must be getting the real ones too!" Although it never works out that way.
I think I will be flying private planes if they start looking into your credit. A credit check could be like "Well, you evaded child support and paying the bank $5,000, we can't let you board, if you have the money for a flight, you can pay them!"
They know they they won't be able to get this to work right, they are just pocketing money and putting out a crap system, but I think that it may have better use for private organizations, such as "Well, he evaded taxes and bills, but we see him having a one way ticket to (place), search for him there."
...as long as they're barred from entering the cockpit. The success of the 9/11 attacks can mainly be credited to 1970s-era hijacking guidelines directing pilots to comply with the terrorists' demands, on the assumption that they were going to fly the plane to Cuba or something similar, rather than use it as a weapon. Those guidelines made sense in their time, but clearly, they're no longer applicable.
Here's an idea -- instead of inconveniencing millions of innocent passengers, how about securing the cockpits instead? So long as the pilots remain in control of the plane, it's a flying prison for anyone who commits any criminal act back in the passenger compartment. Let the cockpit crew notify the ground of a failed terrorist attack and land the plane at the nearest airport, with the police and FBI waiting. End of story.
The system was never intended to catch terrorists.
FRA: STFU GTFO
Customer: "Yeah, I like this shirt, but I'm not sure you guys are selling it at the best price. I'm just gonna take the shirt with me while I shop around, mmm 'k?"
Shops don't let you do this, for fairly obvious reasons. Airlines do.
Is this another case of using new laws to support a broken business model? Perhaps a better solution would be that you have to pay a non-refundable deposit when you make a booking. Enough to either discourage the practise, or recover the cost of an empty seat.
455fe10422ca29c4933f95052b792ab2
Well, if these sort of posts are getting modded up so often, maybe there is a problem with the system, then?
It's not like Slashdot is limiting its moderators to all-out-Trostkyists, is it?
-- Even if a god did exist, why the fsck should I worship it?
If you want to make sure your hijacking works fly around innocently as "Sam bin Laden" for a few months, get your name on all the "Fly lists," and then hijack a plane.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
From the article:
Hate to break it to these guys but neither "S" nor "C" are vowels. Heck, they don't even make vowel sounds.Geeze, no wonder the system is broken.
File under 'M' for 'Manic ranting'
Perhaps if airlines weren't so elusive about their pricing, potential passengers would be able to easily compare various flight options without having to do this. But obviously it's in the interests of the airlines to keep passengers in the dark.
I had to change a flight that I was booked for a couple of months back, and I couldn't even get them to give me a firm figure on how much it would cost to alter it until I'd committed myself to doing that. Now that is ridiculous.
-- Even if a god did exist, why the fsck should I worship it?
One knee-jerk reaction people have, particularly leftists, is that the watch list is useless and easily evaded, and that it merely exists to make people feel secure.
The reason I single out liberals is that it's a problem they have with evaluating many other issues. In and of itself, a watch list doesn't do much. And this is a standard failure of analysis: it's easy to pooh-pooh any technique on its own, especially in matters of security or warfare, but that fails to see how it fits into the big picture. Terrorists have limited resources, and this forces them to divert those limited resources into getting false papers. It forces them to have to deal with more people, leaving a longer trail of evidence. When you're doing security, you're playing defense because you can never anticipate precisely what they'll do. What you want to do is force your opponent to take as many chances as possible, and ensure that at any point a mistake will foil them.
Any single measure, whether baggage screening, watch lists, can *not* be rationally analyzed independent of a whole system of checks and doublechecks.
Most egregious is the ACLU's highly irresponsible claim that this is a violation of civil liberties. False positives are *not* a violation of civil liberties. You do not have a right to convenience. You do not have an absolute right to fly because you're sharing that plane with 300 other people. This is just grandstanding by the ACLU. If they want to trash the administration, fine, but drop the sanctimony of civil liberties.
Do they really think that they'll stop terrorists by asking them their names and refusing service if they appear on a list?
Like a terrorist is going to walk up to the counter and say, "Hello, my name is Ibrahim Salih Mohammed Al-Yacoub and I'd like to buy a one way ticket from New York to Los Angeles, preferably on whichever flight has the fewest american infidels. Oops, did I say infidels? I meant passengers, good american passengers."
Terrorists just have to use fake names, or steal someone's identity.
As for soundex, it's a very useful tool for matching words based on how they sound. If someone asks you to search for "alan", you might type in alen, allen, ellen, etc. and still find what they're looking for. This is just a case of it being used in a foolish manner.
This is only the tip of the iceberg, I fear. There are times when you need to ask yourself, what if? I did not live during the McCarthy era, but I feel this is one of those times. I may seem paranoid, but here is my "what if?" for the Bush administation's plan:
1) Use the term "terrorist" to refer to a small number of individuals that are a threat to peace and security in order to justify sweeping changes to policy and laws but more importantly as justification to begin developing a system to track every individual, everywhere (the system will, unfortunately, improve over time).
2) Once the necessary tracking infrastructure is in place (perhaps not perfected yet), change the term from "terrorist" to "criminal" . The justification will be that criminals are bad too, and they threaten peace and security just like terrorists, right?
3) Once the system has improved to the point that false positives are indeed negligable, gradually redefine the term "criminal" to discreetly include groups and individuals of the government's choosing.
Does this sound like an unlikely scenario? If you have an opinion, what social forces do you believe would act to reinforce or inhibit this scenario?
One might also discuss the similarities of the TIA (Total Information Awareness) and TCPA (Trusted Computing Platform Alliance). Both seek to create an environment that a person or an application, respectively, must be pre-authorized to enter. Without proper authorization, you or your application are not allowed to be a part of the system or interact with other authorized entities.
Eventually, I expect the "fly-list" to become the dominate list, and the "no-fly-list" to become increasingly obscure. You will then no longer be able to fly without identifying yourself to the system.
My greatest fear is that one will no longer be able to "buy or sell without the mark [of approval]", in the Biblical sense. What we see today certainly allows for that, especially if you take into consideration the infusement of funds by the government into bioinformatics R&D. The "mark in the forehead or right hand" easily translates into a retinal scan or fingerprint. When positive identification becomes cheap, efficient, and accurate, it will become ubiquitous, and we will all be rows in a (probably Oracle) database.
Thoughts?
Here's a list of the most common ways that people died in the US, 2000:
Total: 2,403,351
"Terrorist attacks", if listed using 2001's figures (~3000?), would be clumped into the "other" category, being 10 times less dangerous than suicide, and 5 times less likely than regular old homicide. "Terrorism" is a whopping 240 times less likely to kill you than heart failure, and would account for a mere 0.12% of all fatalities.
Think about it another way - every 2 days, more people die through heart failure than were killed in the WTC disaster. Worrying about "terror" is only likely to increase your odds of dying of heart failure or hypertension.
From here
BTW, I disagree with you - I think the airlines were pushing for just the right amount of annoyance, to make people think "Boy! They really are looking for those terrorists!", so that the idiots would start flying again. I read once that on most flights, only the last few passengers are profit - the rest pay for fuel, salaries, cost of the plane, etc. So, if only a few passengers per flight decide to risk driving instead, the airline become unprofitable.When people get used to the current level of security, and stop worrying as much about terrorists, they'll back off security little by little to save money. I hope.
John gilmore is suing for the right to travel anonymously(sp).
From the website:
He does so "because he believes persons have a right to travel by air without the government requiring that they relinquish their anonymity. No security threat is as important as the threat to American society caused by erosion of the right to travel, the right to be free from unreasonable searches, and the right to exercise First Amendment rights anonymously."
Check out the FAQ's, which are well written and explain the other reasons - including being subject to secret laws - he is opposing this.
HIV Crosses Species Barrier... into Muppets
There's a simple, easy, inexpensive and effective solution. Unfortunately that's not what the government wants; they prefer expensive, complicated solutions that let them hire more people and expand the bureacracy, even if it happens that those solutions are ineffective. Anyhow, the simple, easy, inexpensive solution is:
It's bad enough when a single isolated program fails completely, as this one has. But if, as you suggest, this program is a part of a larger anti-terrorist system then the failure on the governments part is that much greater! As the saying goes "A chain is only as strong as its weakest link.". The failure of the "No-Fly" list to accurately idenify terrorists creates a critical weakness in our national security infrastructure. For you see, this system was designed to deny terrorists mobility and access to a weapon that they have used successfully in the recent past. In this the "No-Fly" list has failed completely.
This list reminds me of the blunder the French made in constructing the Maginot line. They covered most of their eastern border with a line of fortifications that are tough by even modern standards. But they left the Arden forest uncovered because they thought that no mechanized army could pass through the thickly wooded area. But when war broke out that's just what the Germans did, and the rest of the line was rendered irrelevant. In other words when a line or net or wall is breached then all the remaining sections are worthless.
"The moment "pride" is lost, "freedom" is also lost." - Ramza.
In the US, more people are killed in car accidents _every month_ than were killed in the attacks on the WTC. Even a tiny 2% decrease in the number of car-accident deaths would save more lives every decade than were lost in all terrorist attacks the US has ever suffered.
Over the last 10 years, an American's odds of dying in a terrorist attack are about 1 in 100,000. That's less than your odds of drowning in your own bathtub, less than your odds of drinking yourself to death, and less than your odds of accidentally suffocating in your own bed! (http://www.nsc.org/lrs/statinfo/odds.htm)
Frankly, the current atmosphere of fear of terrorism is little more than hysteria. Why on earth aren't we showing the world we have some balls and are strong enough to not let a few terrorists make us live in fear? If you live in fear or give up freedoms, you've let the terrorists win!
X-raying shoes doesn't make for effective security, but it's intrusive enough to give the impression that at least something is being done.
Articles and editorials that call attention to the violations that come with the bogus no-fly list are essential components of the system -- they make everybody else experience it, vicariously. Everybody who is a little bit stupid (i.e. most people) feels a little safer for it. Sure it inconveniences some people, but not enough to make much political difference.
Even better than the impression of intrusive security, it leads to demands for what amounts to a system of internal passports, where you can't travel by air without registering, and getting -- and maintaining --- official permission. "What, no internal passport? Sorry, sir, I can't let you board." At first felons will have their passports pulled, then "suspected terrorists", then political undesirables of all sorts.
Shops don't let you do this, for fairly obvious reasons. Airlines do.
Huh? Shops sure as hell do. I don't know what stores you shop at, but every store I shop at has a return policy on unused merchandise.
MJC
I'd not thought of that. It would have to be an extraordinarly threatening disease, although it would be an extremely effective tactic: comply or die.
Personally, I don't think RFID will be the tool used because it has already attracted an extreme amount of "big brother" attention. If one truly attempts to deceive "even the very elect", it won't be with something as invasive or obvious as RFID! Additionally, RFID (and UPC codes, etc.) can serve as a decoy to detract attention from the actual "mark" itself. That's why I am suspicious of the retinal/fingerprint method. It's very subtle, efficient, and accurate, and is becoming more economically feasable every day. There is no action on your part aside from submitting your biometrics for inclusion in a database (thereby marking you as "clean" in your example). It's a simple and innocent-sounding process. It's even becoming increasingly accepted by the public. There are several slashdot stories that make mention of the fact that grocery stores are using fingerprints to identify "shopping club" memebers. And this is just to save a few bucks!
There are religious groups today that oppose any sort of innoculations, and un-vaccinated children attend public schools in the face of state laws requiring vaccinations. This implies the current state of affairs is such that social and legal pressures to vaccinate your children against the worst of today's diseases is insufficient to infringe on one's liberty. It'll take something more dangerous than Anthrax or SARS to tip the scales.
The Army Medical Research Institute of Infectious Diseases is at the forefront of SARS research. Perhaps this is to bring the military into the public eye as a provider of the "cure" in preparation for "the big one"?
I so enjoy a good conspiracy theory discussion. :)
The military is just a government excuse to fleece the tax payers and take bribes!!!!