Slashdot Mirror
TSA Missed Boston Bomber Because His Name Was Misspelled In a Database
schwit1 sends this news from The Verge:
"Tamerlan Tsarnaev, the primary conspirator in the Boston Marathon bombing that killed three people, slipped through airport security because his name was misspelled in a database, according to a new Congressional report. The Russian intelligence agency warned U.S. authorities twice that Tsarnaev was a radical Islamist and potentially dangerous. As a result, Tsarnaev was entered into two U.S. government databases: the Terrorist Identities Datamart Environment and the Treasury Enforcement Communications System (TECS), an interagency border inspection database.
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
That's a bomber, I mean bummer.
Table-ized A.I.
The TSA is operated by some of the most incompetent people the USA has to offer. They are the problem, not the hardware or software. I fail to see why they should get a "free pass" here on account of a bad database entry. Heads should be hung over this, especially considering the justifications thrown around for the continued existence of the TSA.
I've seen this story about Russia giving us warnings about the Boston bomber floating around elsewhere recently, why is this news now? We knew this back in 2013.
Despite the misspelling, the FBI interviewed him and determined he was no threat (unlike his friend who they interviewed after the bombing, and shot to death during the interview).
So what would it have mattered if airport security searched him after one of his trips to Russia? It's almost certain he wasn't carrying anything that would have got him arrested.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
soundex
Levenshtein distance
Hamming distance
More like this, can't be arsed to go looking them up, though. Those were three I knew off the cuff.
I think the tacit implication here is that if Tsarnaev had been questioned on exiting the country the Boston Marathon bombing might have been averted, but is there really any substance to this? Do we think he would have changed plans had he been questioned? Pressure cooker outlets would have been alerted to refuse to sell him cookware? What exactly would the outcome likely have been had he been questioned?
Wir sind geboren, um frei zu sein - Rio Reiser
News at Nine: transliterations of names can be tricky... Some parts of the world use different alphabets...
It was not misspelled, it was just transliterated differently. The original name is Cyrillic, and "Tsarnayev" is actually closer to how it is supposed to be pronounced, but "Tsarnaev" is the more usual letter-for-letter transliteration that doesn't distinguish two modes of Russian "e" (it's pronounced as "e" in general, but as "ye" after vowels and at the beginning of words), and is the one that's usually used in passports. I wouldn't be surprised if "Tsarnayev" was how it was spelled in the documents that they've got from Russia, because the person on the other side translated it phonetically...
Either way, this points at a glaring issue in all those databases. If they require a perfect match, they're going to be very flaky for all kinds of foreign names - ironically, Arabic ones especially, which I assume are the most commonly searched ones. Remember that whole Qaddafi vs Gaddafi vs Kaddafi in US press when Libya was on the front pages?
Yet another evidence that all this stuff is little more but security theater. It doesn't matter whether it actually works, so long as people are convinced that it does. Unfortunately, they actually let a real terrorist through this time...
I've written about this before; I used to write financial software for a living, and one of the requirements for a US bank was to provide a mechanism to detect transactions by an unauthorized person.
In short, the govt. provides a list of bad people in a text file. One name per line, all upper case, like it came out of an old batch system. We then check to see if the sender or receiver of any transaction /EXACTLY/ matches that string, case insensitive. If it's an exact letter-for-letter match, there's a flag that's set and the transaction is delayed, but it appears to go through as normal(*). What happens after that is the bank's responsibility, but that's the whole of the complexity.
Whoever made the list usually has a few variants of spelling; OSAMA BIN LADEN or OMASA BIN LADEN or OSMA BIN LADEN, for example. But that's it. Just spelling your name slightly differently is enough to avoid the flag. We're literally not allowed to add anything else, like soundex matching or handling foreign letters.
This is ~probably~ also how the TSA no fly list works, and why you still hear about false positives from time to time. It's also probably how any security works until it's been around for 20 years and they hire a contracting company to make them really good software that does what they want, instead of what they think they want it to do.
It just takes a very long time for software designed by a legislative committee with no technical awareness to morph into something usable, but that's government for you.
* - most transactions are not sent out until the end-of-day reconciliation anyway, so it looks like it's accepted like most other transactions, probably in a 'pending' state in your online balance - unless you're paying for a wire transfer or something.
Great, so now not only if we are a namesake with a wanted "enemy of the state", but also if our names are soundex or Levenshtein Distance 3 similar, we are going to get detained, cavity searched and otherwise.
Science advances one funeral at a time- Max Planck
Neither "Tsarnaev" nor "Tsarnayev" is the correct spelling; the correct spelling is "ЦÐÑнÐÌÐÐ".
As another commenter mentioned, utility companies solved this problem decades ago with technology like Soundex. Our intelligence apparatus is apparently crippled by incompetence, laziness, haste, provincialism, or all of the above.
That fiend had changed his name to "Tsarnayev'); DROP TABLE Terrorists; --"
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Seriously, this entire organization encompasses everything wrong with the Federal government. Massive privacy overreach, complete incompetence, and a literal NIGHTMARE BUREAUCRACY! This is one of the worst aspects of the Bush legacy, and "The One" has not done anything to curtail its power: http://www.cnn.com/2010/TRAVEL...
The most advanced systems in the world will never outpace human mistakes.
If you type "Tsarnayev" (the way his name was incorrectly spelled" into Google, the first match is: wikipedia.org/wiki/Dzhokhar_and_Tamerlan_Tsarnaev
So I'll call bullshit on your claim, and also note that the database entry error was only the last in a long series of events. (try reading the article)
The problem was not "human mistakes". The problem was a string of incompetent and corrupt police and FBI agents. Mistakes are accidents, the string of fuck-ups in this case were anything BUT mistakes.
This is a clear case of "blinded by data".
Exactly. This is clearly all Bush's fault. Glorious Leader Obamessiah never does any wrong.
Yes, actually you could argue it's Bush's fault, and the GOP's fault.
You see, they were too busy crying about Clinton's jizz on a Blue Dress to pay attention to some guy named "Bin Laden" who was blowing up embassies. They got so pissed at Clinton for launching cruise missiles at training camps that after he left office, Bush completely halted all operations against his network. Then they proceeded to ignore multiple public warnings and threats, and after the first airplane hit the tower Bush felt it was more important to finish reading "My Pet Goat" to some kids than it was to immediately ground all commercial air traffic in the region.
For the record, I'm a Conservative. But I'm not an idiot, either, and can do more than puke up "clever" insults I heard on Rush's nutjob radio show.
I'm not at all disputing the idea of what you're saying. In fact, I agree that incompetence let this guy through.
However, your example of googling this guy's name is a particularly bad one. Google's autocorrection algorithms are based on the popularity of terms and their similarities. Since the bombing, surely this name would have been googled millions of times.
Do you really suppose that Google would have made such an accurate correction before the Boston attacks that madetheir family name infamous?
It should have been: Archibald Tuttle
Sdelat' Ameriku velikoy Snova!
How is that not probable cause for a warrant?
Police: Sir, open up, we're here to search your house.
/sarcasm
You: On what grounds?
Police: On the grounds that your name, Bill McGonigle, bears a striking resemblance to the known terrorist, Bill McGonicle.
Yeah, that is totally ok.
I would have expected them to include the original cyrillic name and all the /obvious/ transliterations in their database, but that's apparently way beyond their capabilities.
They missed the Boston bombers because they are spying ON EVERYONE instead of focusing the spying, based on probable cause, on the correct folks.
Well, yes. But, paradoxically, failure earns the spy agencies more funding.
"If we had been provided with enough resources, we could have caught the bad guys!"
The solution is to limit (yet again) exactly who they can spy on. These children need to be spanked, not rewarded with ice cream.
Good point highlighting how Slashdot still doesn't support Unicode in 2014 by the way...
Heck, my Father in law spent most of his childhood writing his name wrong when his parents forgot how they'd spelled it on the birth certificate! He found out about it when he got his driver's license as a teen...
I mean, if a kid's parents can't be trusted to spell a guy's name right, how do you figure a secretary is going to get it right 100% of the time?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
But Obummer is keeping you safe!!!
Most people here understand that the issue of the creeping security state is not left or right, Republican or Democrat. The parties have shown us that they are both interested in increasing surveillance and curtailing our rights. Why have you not grasped this yet?
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)