Slashdot Mirror
TSA Missed Boston Bomber Because His Name Was Misspelled In a Database
schwit1 sends this news from The Verge:
"Tamerlan Tsarnaev, the primary conspirator in the Boston Marathon bombing that killed three people, slipped through airport security because his name was misspelled in a database, according to a new Congressional report. The Russian intelligence agency warned U.S. authorities twice that Tsarnaev was a radical Islamist and potentially dangerous. As a result, Tsarnaev was entered into two U.S. government databases: the Terrorist Identities Datamart Environment and the Treasury Enforcement Communications System (TECS), an interagency border inspection database.
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
That's a bomber, I mean bummer.
Table-ized A.I.
The TSA is operated by some of the most incompetent people the USA has to offer. They are the problem, not the hardware or software. I fail to see why they should get a "free pass" here on account of a bad database entry. Heads should be hung over this, especially considering the justifications thrown around for the continued existence of the TSA.
I've seen this story about Russia giving us warnings about the Boston bomber floating around elsewhere recently, why is this news now? We knew this back in 2013.
Despite the misspelling, the FBI interviewed him and determined he was no threat (unlike his friend who they interviewed after the bombing, and shot to death during the interview).
So what would it have mattered if airport security searched him after one of his trips to Russia? It's almost certain he wasn't carrying anything that would have got him arrested.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
soundex
Levenshtein distance
Hamming distance
More like this, can't be arsed to go looking them up, though. Those were three I knew off the cuff.
I think the tacit implication here is that if Tsarnaev had been questioned on exiting the country the Boston Marathon bombing might have been averted, but is there really any substance to this? Do we think he would have changed plans had he been questioned? Pressure cooker outlets would have been alerted to refuse to sell him cookware? What exactly would the outcome likely have been had he been questioned?
Wir sind geboren, um frei zu sein - Rio Reiser
News at Nine: transliterations of names can be tricky... Some parts of the world use different alphabets...
It was not misspelled, it was just transliterated differently. The original name is Cyrillic, and "Tsarnayev" is actually closer to how it is supposed to be pronounced, but "Tsarnaev" is the more usual letter-for-letter transliteration that doesn't distinguish two modes of Russian "e" (it's pronounced as "e" in general, but as "ye" after vowels and at the beginning of words), and is the one that's usually used in passports. I wouldn't be surprised if "Tsarnayev" was how it was spelled in the documents that they've got from Russia, because the person on the other side translated it phonetically...
Either way, this points at a glaring issue in all those databases. If they require a perfect match, they're going to be very flaky for all kinds of foreign names - ironically, Arabic ones especially, which I assume are the most commonly searched ones. Remember that whole Qaddafi vs Gaddafi vs Kaddafi in US press when Libya was on the front pages?
Yet another evidence that all this stuff is little more but security theater. It doesn't matter whether it actually works, so long as people are convinced that it does. Unfortunately, they actually let a real terrorist through this time...
I've written about this before; I used to write financial software for a living, and one of the requirements for a US bank was to provide a mechanism to detect transactions by an unauthorized person.
In short, the govt. provides a list of bad people in a text file. One name per line, all upper case, like it came out of an old batch system. We then check to see if the sender or receiver of any transaction /EXACTLY/ matches that string, case insensitive. If it's an exact letter-for-letter match, there's a flag that's set and the transaction is delayed, but it appears to go through as normal(*). What happens after that is the bank's responsibility, but that's the whole of the complexity.
Whoever made the list usually has a few variants of spelling; OSAMA BIN LADEN or OMASA BIN LADEN or OSMA BIN LADEN, for example. But that's it. Just spelling your name slightly differently is enough to avoid the flag. We're literally not allowed to add anything else, like soundex matching or handling foreign letters.
This is ~probably~ also how the TSA no fly list works, and why you still hear about false positives from time to time. It's also probably how any security works until it's been around for 20 years and they hire a contracting company to make them really good software that does what they want, instead of what they think they want it to do.
It just takes a very long time for software designed by a legislative committee with no technical awareness to morph into something usable, but that's government for you.
* - most transactions are not sent out until the end-of-day reconciliation anyway, so it looks like it's accepted like most other transactions, probably in a 'pending' state in your online balance - unless you're paying for a wire transfer or something.
They never tell you the truth. All assertion, no evidence.
"Flyin' in just a sweet place,
Never been known to fail..."
Great, so now not only if we are a namesake with a wanted "enemy of the state", but also if our names are soundex or Levenshtein Distance 3 similar, we are going to get detained, cavity searched and otherwise.
Science advances one funeral at a time- Max Planck
Neither "Tsarnaev" nor "Tsarnayev" is the correct spelling; the correct spelling is "ЦÐÑнÐÌÐÐ".
As another commenter mentioned, utility companies solved this problem decades ago with technology like Soundex. Our intelligence apparatus is apparently crippled by incompetence, laziness, haste, provincialism, or all of the above.
Tamerlan Tsarnaev- T-I-M-T-H-O-M-A-S. I am professional hockey player.
That fiend had changed his name to "Tsarnayev'); DROP TABLE Terrorists; --"
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Seriously, this entire organization encompasses everything wrong with the Federal government. Massive privacy overreach, complete incompetence, and a literal NIGHTMARE BUREAUCRACY! This is one of the worst aspects of the Bush legacy, and "The One" has not done anything to curtail its power: http://www.cnn.com/2010/TRAVEL...
The most advanced systems in the world will never outpace human mistakes.
If you type "Tsarnayev" (the way his name was incorrectly spelled" into Google, the first match is: wikipedia.org/wiki/Dzhokhar_and_Tamerlan_Tsarnaev
So I'll call bullshit on your claim, and also note that the database entry error was only the last in a long series of events. (try reading the article)
The problem was not "human mistakes". The problem was a string of incompetent and corrupt police and FBI agents. Mistakes are accidents, the string of fuck-ups in this case were anything BUT mistakes.
This is a clear case of "blinded by data".
Exactly. This is clearly all Bush's fault. Glorious Leader Obamessiah never does any wrong.
Yes, actually you could argue it's Bush's fault, and the GOP's fault.
You see, they were too busy crying about Clinton's jizz on a Blue Dress to pay attention to some guy named "Bin Laden" who was blowing up embassies. They got so pissed at Clinton for launching cruise missiles at training camps that after he left office, Bush completely halted all operations against his network. Then they proceeded to ignore multiple public warnings and threats, and after the first airplane hit the tower Bush felt it was more important to finish reading "My Pet Goat" to some kids than it was to immediately ground all commercial air traffic in the region.
For the record, I'm a Conservative. But I'm not an idiot, either, and can do more than puke up "clever" insults I heard on Rush's nutjob radio show.
john or jhon or joohn....... every one gets a different one.
I'm not at all disputing the idea of what you're saying. In fact, I agree that incompetence let this guy through.
However, your example of googling this guy's name is a particularly bad one. Google's autocorrection algorithms are based on the popularity of terms and their similarities. Since the bombing, surely this name would have been googled millions of times.
Do you really suppose that Google would have made such an accurate correction before the Boston attacks that madetheir family name infamous?
It should have been: Archibald Tuttle
Sdelat' Ameriku velikoy Snova!
if our names are soundex or Levenshtein Distance 3 similar,
"that's Levenshtein with an ei and Levenshtyne with a y" *
(*) my son, the terrorist
--
"It is now safe to switch off your computer."
My last name has at least four different spellings, maybe more. If you enter one of them into Google, some exact matches will be found. But, if you enter them into a genealogical search engine, all the variations of the name will be found. Google is good at what Google does, but it's not always the best search engine for every task.
we can require everybody to change their name. but we still end up with Anderson, Andersen, Anderssen, etc.
if this is supposed to be a new economy, how come they still want my old fashioned money?
How is that not probable cause for a warrant?
Police: Sir, open up, we're here to search your house.
/sarcasm
You: On what grounds?
Police: On the grounds that your name, Bill McGonigle, bears a striking resemblance to the known terrorist, Bill McGonicle.
Yeah, that is totally ok.
They missed the Boston bombers because they are spying ON EVERYONE instead of focusing the spying, based on probable cause, on the correct folks.
Liberty.
I would have expected them to include the original cyrillic name and all the /obvious/ transliterations in their database, but that's apparently way beyond their capabilities.
Good point highlighting how Slashdot still doesn't support Unicode in 2014 by the way...
You gotta love this rewrite of history. Let's go back to when the Soviet Union was invading Afghanistan shall we...
It was Saint Ronald Reagan in office who proclaimed those very same people who later did the attacks as "freedom fighters" worthy of illegally diverting funds for arms (look up Iran-Contra Scandal). Every republican loves to trot out that old red herring "Since 9/11 we haven't been attacked again." completely ignoring who was in power on 9/11, the anthrax attacks and the sniper attacks at the time. If the TSA was truly effective, then the underwear bomber, the shoe bomber and yes, even the 9/11 attackers themselves wouldn't have made their way onto those planes to begin with since everyone of them were supposedly on watch lists...
The TSA is, and always has been, nothing more than security theater. It is 100% reactionary to threats that either were successful or attempted. Someone tries to put explosives in their shoes, we all have to have our shoes off. Someone tries to get explosives in their underpants, we all have to go through invasive searches of our private parts. Someone uses a sharp object to cut the throats of flight personnel, they take away nail clippers because they can be sharp. It is rumored that explosives can be in liquid form so they ban all liquids, even unopened bottled water.
I will agree with you on one point though, it was a FULL Congress that passed the Homeland Security Act and the Patriot Act. It was the FULL Congress that renewed it too. So in that regard it was both parties that enabled this shit.
Genius!
Just use a current search engine but with a future database and actch all terrorists! Why didn't anyone think of that?!
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Find a time machine, go back to *before* the attacks, and try that again.
But Obummer is keeping you safe!!!
Most people here understand that the issue of the creeping security state is not left or right, Republican or Democrat. The parties have shown us that they are both interested in increasing surveillance and curtailing our rights. Why have you not grasped this yet?
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
I've been and they scanned and typed quite a lot, so I don't know if they used my data from the machine or human readable zone.
But then again. It wouldn't be that easy. Your link states that the machine readable zone contains the ICAO transliteration. You may have that, but you can't check for any other transliterations unles you have the original name that you can try various transliteration systems on. Transliteration works like a hash function here: you can't run it backwards to see the original input. Similar, yes, but our whole problem is that "similar" has been missed at least once so far.
Diving deeper into your links I found that information here: http://en.wikipedia.org/wiki/R...
It seems that the method used for passports and other official documents changed quite frequently: 1997, 2010, 2013. Depending on the year the records were created, different systems may have been in use, leading to this oversight. And they will continue running into that kind of problem until they leave behind that 1970's computer ASCII code and move on to Unicode.
The rule of thumb that any non-western alphabet belongs to some backward country and can be ignored holds no longer true.
bickerdyke
True that.
I still note how the Democrats and Republicans are so divisive, but when it came to the "Military Enabling Act" (I forget it's official name) well, the Dems and Reps got together late on a Friday night and passed a bill that could make a person "not a citizen" based upon suspicions of un-American activity.
We all get swept up in the rancor of the Dog and Pony show, and behind the scenes, Congress can show quick, bi-partisan coordination. If it helps you and me; then it's going to be controversial. If it empowers them and helps their benefactors -- it happens quickly and without a fight.
>>"ad space available -- low rates!!!"
Indeed. I just tried it with Sql Server:
Select Soundex('Tsarnaev')
--returned T265
Select Soundex('Tsarnayev')
--returned T265
Coder's Stone: The programming language quick ref for iPad
Every time you make a mistake the errorists wins.