Friday, December 16, 2005

Winner of the Homeland Security Incompetence Award

Bruce Schneier, security guru, rails against the extraordinary stupidity of a "watch list" for airline passengers:
Wired News: Airline Security a Waste of Cash

... Consider CAPPS and its replacement, Secure Flight. These are programs to check travelers against the 30,000 to 40,000 names on the government's No-Fly list, and another 30,000 to 40,000 on its Selectee list.

They're bizarre lists: people -- names and aliases -- who are too dangerous to be allowed to fly under any circumstance, yet so innocent that they cannot be arrested, even under the draconian provisions of the Patriot Act. The Selectee list contains an equal number of travelers who must be searched extensively before they're allowed to fly. Who are these people, anyway?

The truth is, nobody knows. The lists come from the Terrorist Screening Database, a hodgepodge compiled in haste from a variety of sources, with no clear rules about who should be on it or how to get off it. The government is trying to clean up the lists, but -- garbage in, garbage out -- it's not having much success.

The program has been a complete failure, resulting in exactly zero terrorists caught. And even worse, thousands (or more) have been denied the ability to fly, even though they've done nothing wrong. These denials fall into two categories: the "Ted Kennedy" problem (people who aren't on the list but share a name with someone who is) and the "Cat Stevens" problem (people on the list who shouldn't be). Even now, four years after 9/11, both these problems remain.
Can I weep now?

This is similar to the same problem of deciding that two health records belong the the same person. That's a hard problem, but if you use a combination of attributes (various identifiers, SSN, age, address, name) from reasonably robust sources you can make some trade-off between false matches and false non-matches. Having a national identifier (passport number) or even a state identifier (driver's license) makes the problem a bit simpler.

The reason using this in airport screening is completely stupid is:
  1. Intelligent terrorists don't want to be matched, so they'd obfuscate data they provided. Duhhhh.
  2. If name and age are the only identifiers, and the goal is to avoid misses at all costs, the error rate (false accusation) will be incredible. I'd imagine well over 10,000 to 1 (10,000 mistakes for every success, probably it's more like 1,000,000 to 1).
  3. There's no mechanism to deal with mistakes, and the outsourced vendors don't pay a price for their errors.
The matching part of this could be made to work -- through a draconian system of biometric authentication. Even then, as Schneier points out, this would only identify known terrorists, and it would still leave the option of using non-terrorists as unwitting accomplices.

Read Schneier's essay. This is a stupid program proposed by idiots and implemented by dolts. It wins the prize.

No comments: