Schneier on Security
A blog covering security and security technology.
« Ubiquitous Surveillance |
| Sending Photos to 911 Operators »
January 19, 2007
No-Fly List to Be Scrubbed
After over five years of harassing innocents and not catching any terrorists, the no-fly list is finally being checked for accuracy, and probably cut in half.
Yes, it's great to see that even the threat of oversight by a Democratic Congress is enough to get these things done, but it's nowhere near enough.
The no-fly list doesn't work. And, of course, you can easily bypass it. You can 1) print a boarding pass under an assumed name or buy a ticket under an assumed name, or 2) fly without ID. In fact, the whole notion of checking ID as a security measure is fraught with problems. And the list itself is just awful.
My favorite sound bite:
Imagine a list of suspected terrorists so dangerous that we can't ever let them fly, yet so innocent that we can't arrest them - even under the draconian provisions of the Patriot Act.
Even with a better list, it's a waste of money.
Posted on January 19, 2007 at 7:14 AM
• 41 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Who will be in charge of scrubbing the list?
Should we not think of security in layers? I can always find something wrong with each layer, but taken as a whole they do something. Plus, each layer deters someone.
@ George: Every person on the list will receive a form on which he can self certify that he is not a terrorist by ticking a check box.
This week's episode of "Boston Legal" had a rather humorous case involving the no-fly list. It resulted in some nice pokes at DHS, TSA, etc.
Good news is good news, don't complain too much.
Some more good news is that someone in your Senate actually spoke some sense. Quoting the Globe and Mail:
Under repeated broadsides from Mr. Leahy, the Attorney-General sought refuge in the oft-repeated administration refrain that it had sought and received assurances from Syria that Mr. Arar wouldn't be tortured.
"We knew damn well, if he went to Canada, he wouldn't be tortured," thundered Mr. Leahy. "We also knew damn well, if he went to Syria, he'd be tortured. And it's beneath the dignity of this country, a country that has always been a beacon of human rights, to send somebody to another country to be tortured."
Well, it's not so much being "scrubbed" as "reduced." What I think is just as important, if not more, is the last bit:
"Also Wednesday, the Homeland Security Department launched a new program for passengers who feel wronged to try correcting the list.
The program will give travelers "a clearly-defined process" to report problems, said Homeland Security Secretary Michael Chertoff in a written statement.
Beginning Feb. 20, the program, dubbed Traveler Redress Inquiry Program, will serve as a central processing point for all inquiries about Homeland Security agencies' databases."
That's assuming of course that they new program actually does what it's supposed to, rather than just take complaints and laugh at those inconvenienced by the no-fly list.
"Should we not think of security in layers? I can always find something wrong with each layer, but taken as a whole they do something. Plus, each layer deters someone."
Of course we should. Layered security is the best. We should also think about the costs and benefits of each layer, and the overall security as a whole.
This layer isn't worth it. There are far better things we can do with our security dollar.
@Bruce: please choose your title words more carefully next time. At first glance I thought you meant abolished. :(
This list is, in effect, punishment without any messy due process being involved.
Imagine, one day you go to the airport and discover you can't fly. You were never informed of this. You were never given a chance to defend yourself in court. You have no realistic appeal available to you. Without any visible process, the government has forbidden you to use a very widespread and important form of transportation.
It's amazing to me that people still put up with it. Scrubbing the list is good, but it should be eliminated, and nothing will be too soon.
Don't get your hopes up to high. Senator Leahy, proudly, has been the sponsor of some of the most insidious legislation in U.S. history.
Most kindly, the term "Useful Sheep" comes to mind. If not for his most famous legislative achievement most of the current Bush administration "wiretap" scandals would've either been technically not feasible, or the telecom companies wouldn't have had an axe hanging over their heads when asked to cooperate.
Government power and it's abuse or potential for abuse doesn't worry him. It's just this isn't fitting his politics this time.
James Risto: yes, we think of security in layers. It's possible to add a "security" layer that won't deter anyone, because it's entirely redundant with existing layers.
Worse, and more relevant here, it's possible to add a "security" layer that will deter only innocent people: terrorists will fly under false names, and non-terrorists will decide it's not worth the hassle and stay home. If someone is planning to try to blow up the plane they're on, they probably don't care about the risk of being prosecuted for possession of a stolen passport. It's no more relevant to them than whether they can pay the credit card bill for their airline ticket: either they're planning on being dead in a few days, or they realize that both of those are trivial compared to murder charges.
"Scrubbed" is good. The list could use a good scrubbing. Perhaps even some disinfecting.
Still, there's really no substitute for a well applied series of folding, spindling, stapling, and mutilating.
I'm with you, Bruce. This layer doesn't pull its own weight. It's just a prop in the daily matinee of Security Theater.
@Lisa: "the Homeland Security Department launched a new program for passengers who feel wronged to try correcting the list."
Let me guess that it will go something like this: "No, we can't tell you why you're on the list. No, we can't tell you what information we have that might implicate you. Please prove to us that you are not a terrorist. No, we can't tell you how to do that."
Also, given that the system is based on matching names, they could just as well tell you that there is a potential suspect with a presumed alias that's similar to your name, so they can't take your name off the list.
What are they going to do? Issue "I am not a terrorist" identification cards? There's a good revenue opportunity.
Duncan, let's be frank (apologies to Bruce if this is too blunt): Leahy is a turd, like almost all other politicians. The dramatic interaction sounded more staged to me than real. In a week - when Gonzales is supposed to make his revelations - the new passport restrictions come into effect for Canadians going to the USA and a distraction is needed. But for who, I wonder? Because under the same regulations, there will be restrictions on _Americans_ attempting to leave the country by plane: they'll need a passport now, effectively making it an exit visa.
"Scrubbed" is fine, since "scrapped" would mean abolished.
@theophylact has the right idea since a kid managed to get through security by tricking the airline into giving him a boarding pass.
It's a shame we've allowed ourselves to be searched without probable cause out of fear. Yes, we should have people looking out for bad guys, though few will attempt their crimes using an ID that says they are a bad guy. Clearly, humans looking at behavior is better than assuming we're all criminals subject to search.
The Constitution protects us against such searches, but we've allowed the powerful elite to discount this protection because people don't know any better. It's this sort of "go along with authority" that gave us every tyranny known in recent time.
The problem is only partly the list itself.
The other part of the insanity is the minimum wage geniuses behind the counter. For example, if "John Brown" is on the list, I can guarantee they don't mean the 2 year old John Brown, but one of slightly more advanced years and capabilities. Is an intelligent exception made at the counter? Of course not.
On the other hand, if there were to be a bureaucratic exception installed that says "only 10 year olds and up on this list can be barred from flying", a 6 foot 7 inch "John Brown" wearing a turban, carrying 6 sticks of dynamite, wearing a sign saying "the USA will run with blood", but flashing a fake ID showing he's 9 years old could be sitting next to you on your next flight.
The government view of security seems to be based on what works in a corner shop. A list of "Don't accept a check" names taped to the side of the till works because the potential number of customers is low and the clerk will automatically deal with any accidental name clashes.
Equally, a company ID card that controls building access works because all it has to do is filter the limited number of company ID cards and reject _everything_ else. If you give all 300 million americans ID cards and expect to get the same kind of selection ability you are probably a government spokesdroid.
What about the "24" premise (don't get me started on how bad that show is) that we're monitoring particular terrorists which are inside the country so that we can gather more information? It sounds stupid to me to allow terrorists to even exist in the country, but then I remember that the US wanted the UK to hold off on arresting the binary liquid terrorists while either more info was gathered or they wanted to politically time the release of information. Of course, it is only going to tip off the terrorists that they're being watched then if no one actually picks them up when they get the no-fly match hit.
>It's this sort of "go along with
>authority" that gave us every tyranny
>known in recent time.
I'm pretty certain that was a pre-requisite throughout history!
@Urox: ..., but then I remember that the US wanted the UK to hold off on arresting the binary liquid terrorists
I believe it was the other way around, the UK wished to continue surveillance...
>Who will be in charge of scrubbing the list?
Presumably illegal immigrants. Aren't they the first people the rich and/or powerful turn to to clean up their mess?
Nah, illegal aliens are too expensive. You only use them when someone has to be physically present to clean up the mess.
This would be a perfect thing to outsource to India.
Although I hear the Russians are pretty handy with databases, and the Chinese would certainly be willing to low-ball the bid to get their foot in the door on the contract.
We need to change the no-fly list to an immediate execution list. If you show up to get on a flight and your name is on the list, the following procedure should be followed:
1. You are non-challantly surrounded by security personnel and hand-cuffed.
2. They march you out onto the tarmac and they blind-fold you and have you kneel down.
3. The leading TSA servant unceremonially shoots you in the back of the head eliminating most of your medulla killing you instantly.
4. Your next of kin is notified and your body sent to the local morgue.
In order to keep the country free, you have to execute suspected terrorists. Sometimes you have to break a few eggs...
Some might suggest that the best way to deal with terrorists would be to have proper surveillance of terrorist orgs and make sure we have plenty of agents familiar with the ideals of terrorists so that we can learn about things they plan before the intelligence agencies read about terrorist acts it in the Times. However, this would be far too difficult, time consuming, and we haven't got the training to accomplish such a difficult mission. Using old-fashioned intelligence of this nature gathering is outdated and useless.
Here's a better idea: require everyone who's on the no-fly list to legally change their name. Problem solved!
Like you said - it's a start to scrub it, but not nearly enough. This goes back to the false assumption that criminals obey laws - so if only we had a law against X then criminals wouldn't do X.
Keep bringing up this topic Bruce!
@gfujimori: Your idea is ridiculous and unworkable. It presents far too great a risk that a Republican senator, an oil company executive, or other important person will be accidentally killed this way. While allowing people on the no-fly list to walk away is a hassle, it's an important safeguard in our security process.
It's almost too much to believe. After five years of nonsense, this Administration is going to be sensible?
Let's hope so, but let's not cheer prematurely. With TSA it could be a devious scheme to make the list worse.
I suppose now that David Nelson, John Smith, Jane Lane, etc. can fly again.
/ They banned some of the dumbest people with that list.
A sanity check would say to ban the whiney babies. =;o)
@Bruce: please choose your title words more carefully next time. At first glance I thought you meant abolished. :(
Aw man.. I thought he was using the military-parlance "scrubbed," too. Any list is too much of a list. #=xoO (doh)
"I am not a terrorist!"
--Made in Afghanistan.
so what is your better idea?it is better there is a law already existing than nothing and put the blame to the govt later for being a lame duck ,dude.here we are again so many liberal issues with the democrats.when will we ever learn?
so can we imitate what protection do they have in flying el al airlines of israel.since the enthebe incident the israel did some drastic measure to prevent hijacking
Remember Total Information Awareness (TIA)? It was "scrubbed", "eliminated", and/or unathorized by Congress. Yet, it continues, and so will the no fly list, probably in a more undesirable fashion than what we know today. The administration speaks with forked tongue.
Speaking of scrubbing and lists, I recently heard a story from a friend of an OSS operative in the 40s. Apparently this man was given the job to sneak into Norway with an elite military team and personally identify German Scientists to assassinate.
Interestingly, you won't find any of the American names in the usual recounts of the sabotage operation(s), nor any mention of the assassinations:
Even more chilling (pun not intended) was that the operative later said he felt he had to quit the CIA (successor to the OSS) when years later he was told to perform a similar role, but to secretly identify certain US citizens living in America...
Even if the lists can be accurate and maintain their integrity, they may still beg the question of what means will justify a desired end.
Yes, that's my real name. Sounds threatening right. Right. I'm a 55 year old architect born in Peoria (yep there really is one.) I've been on the list since the beginning. It's even become a bit of a joke at the airport after all these years. The people behind the counter just roll their eyes and go call the TSA. I have asked many times if there's a way to get off the list, but apparently there isn't. Here in the good old USofA, you can be tried, convicted and punished without even knowing what you did wrong! I guess in this case every David Howard in the land is on the list. I figure that by just adding to the list and never subtracting that it will become so large that EVERYONE will be on it. That will of course make it easier to administer...yeah
Maybe you should just ring up the TSA to meet you at the airport - sort of like calling for customs before you land if you are flying your own aircraft internationally.
What is a "terrorist?" What is "terrorism?" The problem is that the definations are changable. Tomarrow, YOU might be the "terrorist!" We need to think about just what "terrorist" means. One could call American revolutionaries and what thy did to the Tories and their methods of attacking British troops "terrorism."
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.