Slashdot Mirror

← Back to Stories (view on slashdot.org)

Terror Watchlist "Crippled By Technical Flaws"

Posted by kdawson on from the little-bobby-datas-we-call-him dept.

I Don't Believe in Imaginary Property writes "The database used by the government to generate lists like the No-Fly List is 'crippled by technical flaws,' according to the chairman of a House technology oversight subcommittee. And the upgrade may be worse than the original. Rep. Brad Miller (D-NC) says that 'if actually deployed, [the upgrade] will leave our country more vulnerable than the existing yet flawed system in operation today.' It seems that the current database doesn't have any easy way to do plain-text matching, forcing users to enter SQL queries. That might not sound so bad until you learn that the database contains 463 poorly indexed tables. How long until there's a terrorist named Robert'); DROP DATABASE; —?"

28 of 324 comments (clear)

  1. That's what happens when.... by ericspinder · · Score: 5, Insightful

    That's what happens when your interview questions are a political loyalty test.

    --
    The grass is only greener, if you don't take care of your own lawn.
    1. Re:That's what happens when.... by gEvil+(beta) · · Score: 3, Insightful

      I understand that's what happened in the justice department - is that true of other departments?

      Considering the modus operandi of this administration, I'd be very surprised if this weren't a widespread practice.

      --
      This guy's the limit!
    2. Re:That's what happens when.... by wisty · · Score: 2, Insightful

      It happens in any place where IT is an essential part, and an optional extra. If IT is essential you need meetings and accountability, and no feature gets a cost-benefit analysis by anyone with a clue because all of them are "essential".

    3. Re:That's what happens when.... by Anonymous Coward · · Score: 1, Insightful

      Do you think the next administration will change things?

      I don't.

    4. Re:That's what happens when.... by bickerdyke · · Score: 2, Insightful

      As they say, "sh-t flows down-hill."

      Nah. it much too often floats at the top.

      --
      bickerdyke
    5. Re:That's what happens when.... by rtb61 · · Score: 2, Insightful

      Oddly enough changing lackeys can in fact change things. For example whilst they might both be corrupt, the more intelligent group remains aware that you don't fuck up the system when attempting to extract as much money out of it for yourself otherwise the system collapses and there is a whole lot less money to be made.

      The other group represents the ignorant pigs at the trough, idiot children in a candy store or basically the sociopaths. Those whose greed destroys the system they are pillaging as they show no restraint with regard to their actions.

      So the real difference is whilst you might be employing lackeys, the lackeys you are employing are actually skilled at the job you a employing them for, rather the just idiotically corrupt placements where it is inevitably that they will fuck the job up, "Brownie, you did a heck of a job", forcing everybody to lie about the results.

      --
      Chaos - everything, everywhere, everywhen
    6. Re:That's what happens when.... by 2short · · Score: 3, Insightful

      Yes, I do.
      Cynicism is cute and all, but don't let it impair perceiving the world. Regarding the hiring policies for non-political-appointees at justice, previous administrations (of both parties) did NOT in fact do what this one did.
      Sure, politicians in general, suck. But don't let your depression about this prevent you from noticing when some of them suck considerably harder.

  2. Why Would You Expect Otherwise? by curmudgeon99 · · Score: 4, Insightful

    The same US government that screws everything else up should be expected to screw up the terror DB. It was probably written by a junior developer who had never heard of a SQL injection. Isn't making a search form about the easiest project there is to build? I hate to say it, but I'm glad our government is so full of screw ups: pity the list exists at all...

    1. Re:Why Would You Expect Otherwise? by mrbluze · · Score: 2, Insightful

      I like the idea of having a fly at your own risk airline where you can just "risk it" and not have all these so called "protections". I bet it would put the airlines with the TSA out of business in a week.

      Thinking of joining the air force?

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    2. Re:Why Would You Expect Otherwise? by Tridus · · Score: 4, Insightful

      It was outsourced. Near the bottom of TFA it says that some of the money was used to renovate a building owned by Boeing.

      Its amazing just how many "government screwups" are actually caused by politicians outsourcing to their buddies in private industry (with little to no penalties for failing to deliver what was promised), and have nothing to do with the abilities of actual government employees.

      There's actually quite a few smart IT folks in government, but they're not the ones who make decisions on who to outsource this stuff to. In fact, most of them would probably rather build a team and do it In-House, since that way you build up the knowledge internally and can more easily support it later.

      So please don't blame government employees for something that Boeing screwed up.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    3. Re:Why Would You Expect Otherwise? by MindStalker · · Score: 4, Insightful

      C) Keep the terror level level artificially high.
      http://www.dhs.gov/xinfoshare/programs/Copy_of_press_release_0046.shtm

      The United States government's national threat level is Elevated, or Yellow.

      The U.S. threat level is High, or Orange, for all domestic and international flights.

      So for the rest of you its only Yellow, but if your flying, its Orange!

    4. Re:Why Would You Expect Otherwise? by Jason+Levine · · Score: 5, Insightful

      The Mythbusters disproved the "hole in the plane causes explosive decompression" myth.

      From http://mythbustersresults.com/episode10 :

      Explosive decompression can occur when a bullet is fired through the fuselage of a pressurized airplane, causing the hole to grow dramatically and possibly cause the plane to break up as seen in movies.

      BUSTED

      The pressure is not high enough and the hole is too small. Explosive decompression only occurred when a hole the size of a window was made with explosives. Even then, the rush of air could not suck Buster completely out of the hole. Lastly, there are proven instances of explosive decompression where the plane was still able to maintain control and land.

      (This myth was revisited in episode 38 and it was re-busted.)

      So you could theoretically have armed people on the plane shooting at terrorists and not causing huge problems if they miss. (Well, except for passengers that get in the way.)

      I think the best solution is to lock the pilot's door before boarding. Then the pilots are instructed to not open the door under any circumstances. If terrorists threaten to kill passengers, the pilots are to land the plane and won't be held accountable for any deaths that result. After all, giving into the demands to open the door and turn over control of the plane could mean the death of all on board as well as people on the ground. The pilot's door should also be bullet-proof (in case a weapon is smuggled on board).

      El Al does this (in addition to other security measures) and they haven't had a single hijacking even though they're a huge target.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    5. Re:Why Would You Expect Otherwise? by spun · · Score: 2, Insightful

      Really. So, all private industry is automatically good, or would you care to qualify that statement? The free market has failure modes, you know. Perhaps you've heard of natural monopoly, imbalance of information, and externalities?

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  3. It's _not_ crippled by technical flaws. by Ihlosi · · Score: 4, Insightful

    It's crippled by being a moronic concept in the first place ("You've got the wrong name and _maybe_ the wrong date of birth, and you're not flying.") and an absolutely arbitrary process of putting names on the list, and no way of ever getting a name off the list.

    Fix those points first, and _then_ worry about technical details.

    1. Re:It's _not_ crippled by technical flaws. by hellwig · · Score: 5, Insightful

      Exactly. The No Fly List is useless because it contains an estimated 1,000,000+ names (really, 1 million terrorists we can't track down?). It's useless because it contains generic entries such as T. Kennedy, which doesn't refer to a person but an alias once used in a crime (Tater Salad might be in there too). It's useless because even once they bomb a terrorist into tiny pieces his name is still on the list (sry, can't rememer who). Not only that, but the list is used for political dissidents too, not just terrorists or dangerous criminals. Apparently Nelson Mandela was on the list, until the fact was embarrasingly publicized and he was finally removed.

      --
      Eggs
      Milk
      Bread
      Cat Litter
      Soda
      ...
    2. Re:It's _not_ crippled by technical flaws. by daremonai · · Score: 3, Insightful

      Personally, I'd be a little worried about a 5-year-old who's still in diapers.

    3. Re:It's _not_ crippled by technical flaws. by Lucid+3ntr0py · · Score: 3, Insightful

      I think we should start putting everyone on the watch list. Then we don't have to worry about exceptions, and all of our wait times become the same.

      If employees of the TSA can't sort out when someone, like a 6 year old boy, is not the right person named on the terror list, then WHAT THE FUCK ARE THEY GOING TO DO WITH A REAL TERRORIST?

  4. Number of tables, no Poorly indexed by ericspinder · · Score: 4, Insightful

    The problem is not the number of tables, but the fact that they are apparently 'poorly indexed'. Table indexes are important, both for the speed of queries, and data integrity.

    --
    The grass is only greener, if you don't take care of your own lawn.
    1. Re:Number of tables, no Poorly indexed by ericspinder · · Score: 4, Insightful

      Wow, so create the indexes then. What's up with you all, this is elementary stuff...a few hours creating the required indexes.

      Fixing or even working on, an application and database developed without proper indexes (and foreign keys) is a real pain in the butt, and fraught with 'danger'.

      You lot are carrying on as if it's Y2K

      Hey, Y2k was 'just' changing a two digit year to a four digit year. By what seems like your standards there shouldn't any 'work' behind that either. Just because it's easy to say, doesn't mean that it's easy to do.

      --
      The grass is only greener, if you don't take care of your own lawn.
  5. "Technical Flaws" by T.E.D. · · Score: 2, Insightful

    I'm not sure you can call having names on the list matching 1/3 of the population of the earth a "technical flaw".

    What they really need to do to make it useful is get it down to perhaps a couple thousand real concerns.

  6. Re:is this "obvious news day" again? by Anonymous Coward · · Score: 1, Insightful

    Mods mod this flamebait? Bad bad bad, parent is merely explaining the post of ggp. Valid mod options: Informative, Redundant.

  7. Re:is this "obvious news day" again? by bonehead · · Score: 5, Insightful

    -If you have the same name, initials or hair color as a felon, you're on the list.

    -If you've ever lived withing a 5 mile radius of a felon, you're on the list.

    ................

    Any thoughts?

    It takes more than just being a felon.

    I have a felony conviction (non-violent). I've flown 3 times since being discharged from parole and haven't run into any difficulties at the airports.

    There are many different types of felonies. Many felons are, indeed, very very bad people. However, I personally know several convicted felons who I would trust to babysit my children, or loan money to. Most of the people I know in that category got their felony convictions as a result of substance abuse issues and have since cleaned up their act.

    Just wanted to point out that having a felony conviction doesn't necessarily mean somebody is an evil person.

  8. Terrorism measures and the TSA by DesScorp · · Score: 5, Insightful

    One could wonder whether the project was set up to adress terrorism OR it was setup to generate media-attention ?

    I work at an airport, in administration, and trust me when I say this has very little to do with dark political conspiracies, and a lot to do with the government's haste to show they were "doing something" after 9/11. This project was quickly rushed into service, and has been widely reviled by airports and airport police departments across the country. And other similar measures... the current background check process for giving access to secured areas, and the very creation of TSA itself, were all measures to reassure the public that something was getting done. The problem is that government enterprises like these tend to become bipartisan boondoggles, with every state and major city wanting a piece of the political and funding action these things entail. Federal agencies tend to become monsters that need to justify their own existence by constant growth. TSA in particular is quickly becoming a large federal law enforcement agency, not just a baggage security team. When they were first set up, several of their nascent teams moved and basically tried to take control of several airports... I know of one major southern airport where they simply showed up one day, declared that a series of offices now belonged to them, and when the airport director came down to see what was going on, they tried to have him arrested by his own police force for "violating federal facilities". Anyone that works with AAAE members (airport execs group) knows what incident I'm talking about.

    Did you know that TSA will now be issued police-like blue uniforms, with metal badges, just like cops? Airport police and the metropolitan police departments that supplement them just looooove that, and there's the inevitable talk of actually giving said TSA agents firearms. Unlike some other police departments, TSA agents are being encouraged to wear their uniforms and badges in their spare time, in order to enhance the agency's "visibility" to the public. There are already jokes that TSA SWAT teams are inevitable at airports. The problem is, the laughter doesn't last very long when we realize that the way things are going, that might not be a joke so much as a prediction of the future.

    --
    Life is hard, and the world is cruel
    1. Re:Terrorism measures and the TSA by Chris+Burke · · Score: 2, Insightful

      I work at an airport, in administration, and trust me when I say this has very little to do with dark political conspiracies, and a lot to do with the government's haste to show they were "doing something" after 9/11.

      I didn't need an airport administrator to tell me that this is all just Security Theater, but thanks for the confirmation just the same.

      Did you know that TSA will now be issued police-like blue uniforms, with metal badges, just like cops? Airport police and the metropolitan police departments that supplement them just looooove that, and there's the inevitable talk of actually giving said TSA agents firearms. Unlike some other police departments, TSA agents are being encouraged to wear their uniforms and badges in their spare time, in order to enhance the agency's "visibility" to the public.

      Oh goody, we can have our very own Security Theater Troupe performing for us, only with non-voluntary audience participation!

      --

      The enemies of Democracy are
  9. Re:Number of tables by gnuman99 · · Score: 2, Insightful

    What? So, we need the SSN or DL number of Osama bin Laden now?

    Name searching, as weird as it may sound to some DB people, is one of the most reliable ways to match record to person. Sure, you *want* to have additional information to know that you have the correct Sammy Smith, but you have to start with the name.

    Of course, this is aside the fact that DNFL was a stupid idea. An idea brought as a *reaction* to 9/11 so politicians could point at it and say how much they are protecting the public. A list that in fact would do nothing to prevent 9/11 in the first place.

  10. Re:Large Systems are Hard by IceCreamGuy · · Score: 2, Insightful

    I think your comment is pretty irrelevant since the TSA has only gotten worse since it's inception. Not only has it made mistakes, but it has expanded and pursued its mistakes to a point where, like the GP implied, we have to take a step back and say "this has gotten a little out of control."

  11. Maybe by christoofar · · Score: 1, Insightful

    they should stop using MSAccess.

  12. So, it doesn't work... by John+Hasler · · Score: 2, Insightful

    ...and yet despite it's failure to protect us, we have not been attacked.

    Perhaps, just perhaps, this is evidence that it is not necessary?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.