Slashdot Mirror
False Positives, Few Matches Plague 'No-Fly' List
lindner writes "According to a recent article in the San Francisco Chronicle, the United States No-Fly List uses a soundex algorithm to match names. Designed 'to quickly summon passenger names or to catch deal-hunting passengers making duplicate bookings.' The system has only managed to rack up a slew of false-positives, including everyone matching soundex ("J. Adams") at one point in time. The problem has gotten so bad that there is now a "Fly List" for chronically misidentified passengers."
That algorithm is so fundamentally broken as to be practically useless for anything but as an aid in simple searches. Why anyone would use soundex in a mission critical application designed to positively identify individuals is beyond me. What, was the 'No Fly' database written by 1st year comp sci major or something? Sheesh.
My journal has hot
This also happened when Cowboy Neal was mistakenly identified as Kh'alid bin Naoul.
I understand that the airline industry is a little tight right now, but that's just insane.
Unfortunately, the officials implementing a system such as this are going to get crucified either way. If they let a known terrorist onto a plane and a terrorist act happens, their heads are going to roll. Every journalist will be screaming that, "this terrorist has been on the FBI watch list for 2 years, a simple misspelling of his name allowed him to foil the multi-million dolar no fly system".
On the other hand, false positives are going to make the system useless as the boy who cried wolf one too many times found out. There doesn't seem to be an easy solution to this problem.
The more you know, the less you understand.
It should be obvious to anyone that any mechanism designed to target a small group out of a large group will would have to have an extremely small false positive rate to be of any use.
And the false negative rate had better be small, too.
Something 99% accurate is far from good enough; if only 0.01% of possible individuals are actual targets, you'll be getting 100 times as many false positives as correct positives.
So when did the RIAA start running the airlines?
Will I use my alias name which is Alain Williams, or will I use my real name which is Osama Bin Laden the next time that I book a flight to the USA ?
The trouble with this sort of thing is that it inconveniences Joe Public while doing little to deter a real terrorist.
The coolest voice ever.
Here's a good run down on soundex and ten problems with it.
www.bannination.com Two things float to the top he
The metaphone algorithm addresses many of the shortcomings of soundex... why are they not using it?
Soundex gives each name a key using its first letter and dropping the vowels and giving number codes to similar-sounding vowels (like "S" and "C"). The system gives the same code, L350, for "Laden" and all similar-sounding names: Lydon, Lawton, and Leedham.
Boy, I'd hate to be a guy with a name like "Sam Lawton" or something. I wonder how many similarly-named middle-aged salesmen are getting red-flagged on flights... because you just never know, what if Osama Bin Laden disguised as a portly white guy from Milwaukee, and he never bothered to pick a false name that sounded sufficiently different from the original.
what's wrong with passengers hunting for the best deal?
Story: to catch deal-hunting passengers making duplicate bookings.
This means that people were using different travel agencies to reserve lots of seats on the same flight, and then simply going with the agency who quoted the lowest price. This means that the seats end up being empty, and the rest of us end up paying for them. Sorry, but even the "rich elite" can no longer make duplicate reservations. Almost all airlines now use software to automatically cancel duplicate bookings.
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
This is unbelievable. Why reinvent the wheel, while there are at least 3 countries that have implemented similar restrictions and tracking systems succesfully for more than 10 years now (England, Israel, and Germany - that I know of).
This sounds like the work of some consultants with no idea of what they are faced with and fresh out of collage where they have analyzed a couple of algorithms... sorry - I have had way too much of these running around the office lately
If for once someone would just poke his head out and instead of trying to find a solution to an age old problem, look and see how others are handling it, we (taxpayers) would all be much more content (and safe...).
Just my 2c.
The situation is really bad if you are named David Nelson. Here is a sad but true story about no fly lists and the very common name, David Nelson. There was also a followup story to this one but I am unable to find a link.
But, you feel safe. Don't you?
Comment removed based on user account deletion
I guess all US people would screem for such a "threat to your privacy" ;)
But at least in here in sweden basically anytime you book a flight you give your ID number (similar to a social security #)
Two benefits:
1. Name is just a courtesy, so doesnt really matter for security if somebody get my name wrong.
2. On checkin, it must be _you_ not somebody with a similar name
Of course IDs can be stolen or forged, but that is a problem regardles of how you ID your self.
Your point is very valid if there is a reasonable and rational discussion of the tradeoff's - You know kind of Type I and Type II errors. But the Bushies don't believe in that. Goebellian Ashcroft said that they are willing to use every legal tool available to them to achieve their goals - even if it means ignoring the spirit of the law, and reinterpreting the letters of the law to do whatever they want.
The willingness, in fact eagerness, to overlook collatoral damage is the Hallmark of the Bush Administration. They have rammed policies that wouldn't pass muster support anywhere. It is almost as if they are willing to kill 9 innocent people to prevent the 10th guilty one from escaping.
This mentality shows up in the No Fly list. It shows up in how the Arab immigrants were rounded up, and are now being deported by the thousands. It shows up in how to get to the Saddam "WMD's" they were willing to slaughter Iraqi's. Two or 3 Sept 11 bombers entered with Student visa's so everyone on that visa now gets grandly screwed.
So, logic applies only when the hysteria subsides. If you want you can never let the hysteria subside. And Donald Rumsfeld is a genius - almost lunatic - in that. Like he said in almost poetic form, on Feb. 12, 2002, Department of Defense news briefing, (which means that he could use the concept described in his "poem" below prove anything that he wants - it is almost like dividing by Zero.)
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
quote from the article: Scheduled for deployment in Spring 2004, CAPPS II will require airline ticket buyers to give more identifying information -- full name, birth date, home phone number and address. This information will be run against private credit-rating and government watch list databases to "verify you are who you say you are," Rosenker said
.] Now they're going to be checking that every time I fly?
What in the hell? I was under the impression that having a credit check actually hurts your credit history [as in, you shouldn't have too many credit checks in
I always hated flying, now I'm starting to hate air lines...
--- d'oh
You US folks could really do with a constitution to stop this sort of crap happening. Oh wait, you do have one. Oh well, back to the drawing board. Land of the free indeed.
I think the idea behind this scheme is not to catch terrorists, or even deter them. But to keep the public under a false sense of security, thinking "hell, if they are searching a lot of people, they must be getting the real ones too!" Although it never works out that way.
I think I will be flying private planes if they start looking into your credit. A credit check could be like "Well, you evaded child support and paying the bank $5,000, we can't let you board, if you have the money for a flight, you can pay them!"
They know they they won't be able to get this to work right, they are just pocketing money and putting out a crap system, but I think that it may have better use for private organizations, such as "Well, he evaded taxes and bills, but we see him having a one way ticket to (place), search for him there."
...as long as they're barred from entering the cockpit. The success of the 9/11 attacks can mainly be credited to 1970s-era hijacking guidelines directing pilots to comply with the terrorists' demands, on the assumption that they were going to fly the plane to Cuba or something similar, rather than use it as a weapon. Those guidelines made sense in their time, but clearly, they're no longer applicable.
Here's an idea -- instead of inconveniencing millions of innocent passengers, how about securing the cockpits instead? So long as the pilots remain in control of the plane, it's a flying prison for anyone who commits any criminal act back in the passenger compartment. Let the cockpit crew notify the ground of a failed terrorist attack and land the plane at the nearest airport, with the police and FBI waiting. End of story.
If you want to make sure your hijacking works fly around innocently as "Sam bin Laden" for a few months, get your name on all the "Fly lists," and then hijack a plane.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
From the article:
Hate to break it to these guys but neither "S" nor "C" are vowels. Heck, they don't even make vowel sounds.Geeze, no wonder the system is broken.
File under 'M' for 'Manic ranting'
Perhaps if airlines weren't so elusive about their pricing, potential passengers would be able to easily compare various flight options without having to do this. But obviously it's in the interests of the airlines to keep passengers in the dark.
I had to change a flight that I was booked for a couple of months back, and I couldn't even get them to give me a firm figure on how much it would cost to alter it until I'd committed myself to doing that. Now that is ridiculous.
-- Even if a god did exist, why the fsck should I worship it?
This is only the tip of the iceberg, I fear. There are times when you need to ask yourself, what if? I did not live during the McCarthy era, but I feel this is one of those times. I may seem paranoid, but here is my "what if?" for the Bush administation's plan:
1) Use the term "terrorist" to refer to a small number of individuals that are a threat to peace and security in order to justify sweeping changes to policy and laws but more importantly as justification to begin developing a system to track every individual, everywhere (the system will, unfortunately, improve over time).
2) Once the necessary tracking infrastructure is in place (perhaps not perfected yet), change the term from "terrorist" to "criminal" . The justification will be that criminals are bad too, and they threaten peace and security just like terrorists, right?
3) Once the system has improved to the point that false positives are indeed negligable, gradually redefine the term "criminal" to discreetly include groups and individuals of the government's choosing.
Does this sound like an unlikely scenario? If you have an opinion, what social forces do you believe would act to reinforce or inhibit this scenario?
One might also discuss the similarities of the TIA (Total Information Awareness) and TCPA (Trusted Computing Platform Alliance). Both seek to create an environment that a person or an application, respectively, must be pre-authorized to enter. Without proper authorization, you or your application are not allowed to be a part of the system or interact with other authorized entities.
Eventually, I expect the "fly-list" to become the dominate list, and the "no-fly-list" to become increasingly obscure. You will then no longer be able to fly without identifying yourself to the system.
My greatest fear is that one will no longer be able to "buy or sell without the mark [of approval]", in the Biblical sense. What we see today certainly allows for that, especially if you take into consideration the infusement of funds by the government into bioinformatics R&D. The "mark in the forehead or right hand" easily translates into a retinal scan or fingerprint. When positive identification becomes cheap, efficient, and accurate, it will become ubiquitous, and we will all be rows in a (probably Oracle) database.
Thoughts?
Here's a list of the most common ways that people died in the US, 2000:
Total: 2,403,351
"Terrorist attacks", if listed using 2001's figures (~3000?), would be clumped into the "other" category, being 10 times less dangerous than suicide, and 5 times less likely than regular old homicide. "Terrorism" is a whopping 240 times less likely to kill you than heart failure, and would account for a mere 0.12% of all fatalities.
Think about it another way - every 2 days, more people die through heart failure than were killed in the WTC disaster. Worrying about "terror" is only likely to increase your odds of dying of heart failure or hypertension.
John gilmore is suing for the right to travel anonymously(sp).
From the website:
He does so "because he believes persons have a right to travel by air without the government requiring that they relinquish their anonymity. No security threat is as important as the threat to American society caused by erosion of the right to travel, the right to be free from unreasonable searches, and the right to exercise First Amendment rights anonymously."
Check out the FAQ's, which are well written and explain the other reasons - including being subject to secret laws - he is opposing this.
HIV Crosses Species Barrier... into Muppets
It's bad enough when a single isolated program fails completely, as this one has. But if, as you suggest, this program is a part of a larger anti-terrorist system then the failure on the governments part is that much greater! As the saying goes "A chain is only as strong as its weakest link.". The failure of the "No-Fly" list to accurately idenify terrorists creates a critical weakness in our national security infrastructure. For you see, this system was designed to deny terrorists mobility and access to a weapon that they have used successfully in the recent past. In this the "No-Fly" list has failed completely.
This list reminds me of the blunder the French made in constructing the Maginot line. They covered most of their eastern border with a line of fortifications that are tough by even modern standards. But they left the Arden forest uncovered because they thought that no mechanized army could pass through the thickly wooded area. But when war broke out that's just what the Germans did, and the rest of the line was rendered irrelevant. In other words when a line or net or wall is breached then all the remaining sections are worthless.
"The moment "pride" is lost, "freedom" is also lost." - Ramza.
In the US, more people are killed in car accidents _every month_ than were killed in the attacks on the WTC. Even a tiny 2% decrease in the number of car-accident deaths would save more lives every decade than were lost in all terrorist attacks the US has ever suffered.
Over the last 10 years, an American's odds of dying in a terrorist attack are about 1 in 100,000. That's less than your odds of drowning in your own bathtub, less than your odds of drinking yourself to death, and less than your odds of accidentally suffocating in your own bed! (http://www.nsc.org/lrs/statinfo/odds.htm)
Frankly, the current atmosphere of fear of terrorism is little more than hysteria. Why on earth aren't we showing the world we have some balls and are strong enough to not let a few terrorists make us live in fear? If you live in fear or give up freedoms, you've let the terrorists win!
X-raying shoes doesn't make for effective security, but it's intrusive enough to give the impression that at least something is being done.
Articles and editorials that call attention to the violations that come with the bogus no-fly list are essential components of the system -- they make everybody else experience it, vicariously. Everybody who is a little bit stupid (i.e. most people) feels a little safer for it. Sure it inconveniences some people, but not enough to make much political difference.
Even better than the impression of intrusive security, it leads to demands for what amounts to a system of internal passports, where you can't travel by air without registering, and getting -- and maintaining --- official permission. "What, no internal passport? Sorry, sir, I can't let you board." At first felons will have their passports pulled, then "suspected terrorists", then political undesirables of all sorts.
They also conduct 10 minute interviews with every person who goes through customs. Haven't flown there myself, but a good friend of mine has described it in detail, having gone back and forth dozens of times over the last few years. The security is far more extensive than air marshalls and a few gadgets on the planes.
... I could go on.
Israel has a massive, complex security network, and you can't just extract a single entity, El Al, from it and pretend that none of the rest of the government's activities bear on how El Al works.
I've flown El Al several times in the past year, and I have been living in Jerusalem, and I can vouch for both: there's a lot more than a 10 minute interview to El Al if anything about you raises their hackles, *and* security in Israel is (has to be) a whole different animal than it is in the States. (I'm a U.S. citizen, a student living in Israel for a year.)
How is a 1 in 100 chance of having a few questions asked and your bags searched because of a false positive "completely destroying" any of your rights?
Here I have to take issue with you. "A few questions asked and your bags searched" is not what they are talking about in this article. I happen to trigger a couple of profiles that make airlines sit up and take notice (I'm a middle-aged single female, for starters) and as a result, flying is a nightmare. While I totally understand the need for careful security, if you are one of the lucky people on the list, you can look forward to the things that have actually happened to me in the past year:
-- kept off of one international flight, questioned for 4 hours, finally allowed on the next flight going out.
-- required to spend 3 hours clearing security, therefore missing my flight (while my laptop was disassembled so completely that tools were required, and all the parts x-rayed.)
-- when travelling with a friend, said friend was also taken off into a separate room, where he was questioned to see if his version of my story matched my version
-- Searches that require undressing.
-- Humiliating "interviews" in front of a line of people (who are also angry that the line is held up.)
My point is, we're not talking minor inconvenience, as you suggest. I have no desire to be blown up or crashed into a building, and I am quite clear that anything I do to protest this treatment makes matters worse, so I just grit my teeth and fly as little as I can.
Some airlines are more courteous than others; I've become a real fan of Continental, because they take their time checking me out but do it with a minimum of humiliation.
OK, now what?