Terror Watchlist "Crippled By Technical Flaws"

I Don't Believe in Imaginary Property writes "The database used by the government to generate lists like the No-Fly List is 'crippled by technical flaws,' according to the chairman of a House technology oversight subcommittee. And the upgrade may be worse than the original. Rep. Brad Miller (D-NC) says that 'if actually deployed, [the upgrade] will leave our country more vulnerable than the existing yet flawed system in operation today.' It seems that the current database doesn't have any easy way to do plain-text matching, forcing users to enter SQL queries. That might not sound so bad until you learn that the database contains 463 poorly indexed tables. How long until there's a terrorist named Robert'); DROP DATABASE; —?"

That's what happens when....

[ericspinder]

That's what happens when your interview questions are a political loyalty test.

Why Would You Expect Otherwise?

[curmudgeon99]

The same US government that screws everything else up should be expected to screw up the terror DB. It was probably written by a junior developer who had never heard of a SQL injection. Isn't making a search form about the easiest project there is to build? I hate to say it, but I'm glad our government is so full of screw ups: pity the list exists at all...

Re:Why Would You Expect Otherwise?

[Tridus]

It was outsourced. Near the bottom of TFA it says that some of the money was used to renovate a building owned by Boeing.

Its amazing just how many "government screwups" are actually caused by politicians outsourcing to their buddies in private industry (with little to no penalties for failing to deliver what was promised), and have nothing to do with the abilities of actual government employees.

There's actually quite a few smart IT folks in government, but they're not the ones who make decisions on who to outsource this stuff to. In fact, most of them would probably rather build a team and do it In-House, since that way you build up the knowledge internally and can more easily support it later.

So please don't blame government employees for something that Boeing screwed up.

Re:Why Would You Expect Otherwise?

[MindStalker]

C) Keep the terror level level artificially high.
http://www.dhs.gov/xinfoshare/programs/Copy_of_press_release_0046.shtm

The United States government's national threat level is Elevated, or Yellow.

The U.S. threat level is High, or Orange, for all domestic and international flights.

So for the rest of you its only Yellow, but if your flying, its Orange!

Re:Why Would You Expect Otherwise?

[Jason+Levine]

The Mythbusters disproved the "hole in the plane causes explosive decompression" myth.

From http://mythbustersresults.com/episode10 :

Explosive decompression can occur when a bullet is fired through the fuselage of a pressurized airplane, causing the hole to grow dramatically and possibly cause the plane to break up as seen in movies.

BUSTED

The pressure is not high enough and the hole is too small. Explosive decompression only occurred when a hole the size of a window was made with explosives. Even then, the rush of air could not suck Buster completely out of the hole. Lastly, there are proven instances of explosive decompression where the plane was still able to maintain control and land.

(This myth was revisited in episode 38 and it was re-busted.)

So you could theoretically have armed people on the plane shooting at terrorists and not causing huge problems if they miss. (Well, except for passengers that get in the way.)

I think the best solution is to lock the pilot's door before boarding. Then the pilots are instructed to not open the door under any circumstances. If terrorists threaten to kill passengers, the pilots are to land the plane and won't be held accountable for any deaths that result. After all, giving into the demands to open the door and turn over control of the plane could mean the death of all on board as well as people on the ground. The pilot's door should also be bullet-proof (in case a weapon is smuggled on board).

El Al does this (in addition to other security measures) and they haven't had a single hijacking even though they're a huge target.

It's _not_ crippled by technical flaws.

[Ihlosi]

It's crippled by being a moronic concept in the first place ("You've got the wrong name and _maybe_ the wrong date of birth, and you're not flying.") and an absolutely arbitrary process of putting names on the list, and no way of ever getting a name off the list.

Fix those points first, and _then_ worry about technical details.

Re:It's _not_ crippled by technical flaws.

[hellwig]

Exactly. The No Fly List is useless because it contains an estimated 1,000,000+ names (really, 1 million terrorists we can't track down?). It's useless because it contains generic entries such as T. Kennedy, which doesn't refer to a person but an alias once used in a crime (Tater Salad might be in there too). It's useless because even once they bomb a terrorist into tiny pieces his name is still on the list (sry, can't rememer who). Not only that, but the list is used for political dissidents too, not just terrorists or dangerous criminals. Apparently Nelson Mandela was on the list, until the fact was embarrasingly publicized and he was finally removed.

Number of tables, no Poorly indexed

[ericspinder]

The problem is not the number of tables, but the fact that they are apparently 'poorly indexed'. Table indexes are important, both for the speed of queries, and data integrity.

Re:Number of tables, no Poorly indexed

[ericspinder]

Wow, so create the indexes then. What's up with you all, this is elementary stuff...a few hours creating the required indexes.

Fixing or even working on, an application and database developed without proper indexes (and foreign keys) is a real pain in the butt, and fraught with 'danger'.

You lot are carrying on as if it's Y2K

Hey, Y2k was 'just' changing a two digit year to a four digit year. By what seems like your standards there shouldn't any 'work' behind that either. Just because it's easy to say, doesn't mean that it's easy to do.

Re:is this "obvious news day" again?

[bonehead]

-If you have the same name, initials or hair color as a felon, you're on the list.

-If you've ever lived withing a 5 mile radius of a felon, you're on the list.

................

Any thoughts?

It takes more than just being a felon.

I have a felony conviction (non-violent). I've flown 3 times since being discharged from parole and haven't run into any difficulties at the airports.

There are many different types of felonies. Many felons are, indeed, very very bad people. However, I personally know several convicted felons who I would trust to babysit my children, or loan money to. Most of the people I know in that category got their felony convictions as a result of substance abuse issues and have since cleaned up their act.

Just wanted to point out that having a felony conviction doesn't necessarily mean somebody is an evil person.

Terrorism measures and the TSA

[DesScorp]

One could wonder whether the project was set up to adress terrorism OR it was setup to generate media-attention ?

I work at an airport, in administration, and trust me when I say this has very little to do with dark political conspiracies, and a lot to do with the government's haste to show they were "doing something" after 9/11. This project was quickly rushed into service, and has been widely reviled by airports and airport police departments across the country. And other similar measures... the current background check process for giving access to secured areas, and the very creation of TSA itself, were all measures to reassure the public that something was getting done. The problem is that government enterprises like these tend to become bipartisan boondoggles, with every state and major city wanting a piece of the political and funding action these things entail. Federal agencies tend to become monsters that need to justify their own existence by constant growth. TSA in particular is quickly becoming a large federal law enforcement agency, not just a baggage security team. When they were first set up, several of their nascent teams moved and basically tried to take control of several airports... I know of one major southern airport where they simply showed up one day, declared that a series of offices now belonged to them, and when the airport director came down to see what was going on, they tried to have him arrested by his own police force for "violating federal facilities". Anyone that works with AAAE members (airport execs group) knows what incident I'm talking about.

Did you know that TSA will now be issued police-like blue uniforms, with metal badges, just like cops? Airport police and the metropolitan police departments that supplement them just looooove that, and there's the inevitable talk of actually giving said TSA agents firearms. Unlike some other police departments, TSA agents are being encouraged to wear their uniforms and badges in their spare time, in order to enhance the agency's "visibility" to the public. There are already jokes that TSA SWAT teams are inevitable at airports. The problem is, the laughter doesn't last very long when we realize that the way things are going, that might not be a joke so much as a prediction of the future.