Schneier on Security
A blog covering security and security technology.
« Ransomware |
| Airline Security from the Point of View of the Pilot »
July 23, 2007
Terrorist Watch List: 20,000 False Alarms
Why does anyone think this makes security sense?
The Justice Department's proposed budget for 2008 reveals for the first time how often names match against the database, reporting that there were 19,967 "positive matches" in 2006. The TSC had expected to match a far fewer number 14,780. The watch list matched people 5,396 and 15,730 times in 2004 and 2005 respectively.
The report defines a positive match as "one in which an encountered individual is positively matched with an identity in the Terrorist Screening Data Base, or TSDB."
It's not clear from the report whether those numbers include individuals whose names only coincidently match one of those on list, such as when Sen. Ted Kennedy was confused with a former IRA terrorist also named Kennedy.
The watch list has been hounded by these mismatches, which have included small children, former presidential candidates, and Americans with common names such as David Nelson.
How do I know they're all false alarms? Because this administration makes a press splash with every arrest, no matter how scant the evidence is. Do you really think they would pass up a chance to tout how good the watch list is?
EDITED TO ADD (8/28): The Washington Post just got around to writing an article on the topic, and Dan Solove has some good commentary.
Posted on July 23, 2007 at 1:39 PM
• 48 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Given the TSA's current incompetence, creating a loophole for children under 7 for example, would only create a deluge of bearded, full grown men bypassing security with a library card showing them to be 6.
Why do I believe that instead of fixing this problem they'll just make it more difficult (and illegal) to film check points?
"Why not earlier?"
Because they must allow time for the TSA agents to be notified of the change, so that when lighters are allowed, passengers will get into arguments with fewer than half the agents they encounter when trying to bring lighters aboard.
I was going to ask what a "complex lighter" might consist of, but the referenced story is more explicit.
More whining. Seriously, you are so ready so surrender that you should just move to France or something.
What exactly would you do instead? Do you really think there are many 80 year old white grandmothers who hate America to try to repeat 9/11?
Profiling has WORKED - we haven't been attacked since then. Combined with fighting al Qaeda in Iraq so we don't have to fight them here, I would say that the President is doing the best job he can in very difficult circumstances.
How come you and the other lie-berals like you try to sound educated on military matters when your background is in geeky ivory towers anyway, huh? It's a good thing we have men and women with some spine making our security decisions instead of traitorous wimps.
It's always amusing (and a dead give-away) how governments tell us that:
1. There are only a handful of terrorists - dead-beats and lunatics.
2. We have killed 136,998 of them, and there are now estimated to be 7 million left.
Oh, sorry - I forgot the last one:
3. Our actions have not increased the number of terrorists in the slightest.
Forgive my naiveté, but I thought the no fly list was applied before people boarded an airplane. So for international flights outside of the feds jurisdiction, it very well could have matched terrorists with out resulting in arrests. I don't think all 19,967 of them were terrorists attempting to board planes destined for the US, but some of them very well could be. I'd like to see the break down of where the flight of origin was for these denials. it wouldn't completely remove all of the false positives ( or even half most likely) , but it would remove some of the more obvious ones.
In any case, it would lead to some interesting discussion, or at least another blog post ;)
@A Real American:
"we haven't been attacked since then"
uhm... and how many times were we attacked before?
"Real American": We sound this way, because we are this way.
Me, I'm an Army interrogator, have been for fifteen years. I also happen to think real security is better than false security, and that security theater is bad for the nation/world.
Not that I think you will, but look up the idea that correlation does not equal causation.
Or, to quote those folks who still believe there were WMDs, lack of evidence does not equal evidence of lack.
Just because no one has attacked us (apart from a whole slew of domestic terrorists, who all happened to be white, and Christian, but I digress) doesn't mean the profiling is why, any more than the cock crowing is what makes the sun rise.
Given what is at stake, the government would probably rather be asking for forgiveness at false alarms than explaining why they missed one. I know I would. Not that I think they are doing everything right (they aren't), but what do we expect? The very people who complain about everything they do (regardless of whether it is right or wrong) are the very ones who will demand to know why they didn't "connect the dots" after the fact.
If they actually told us the number of terrorists/criminals caught by the List, it would be extremely damaging information.
It is not hard to show that an estimate of the "True Positive Probability" TPP (probability you will be caught given you're a terrorist or criminal) is
TPP = (N(PT) / Ntot) / P(T),
where N(PT) is the number of bad guys caught, Ntot is the total number of travellers, and P(T) is the prior probability that any particular traveller is a bad guy.
Let's say, for the sake of argument, that P(T) is about 1/100,000, which is probably much too low (one wanted criminal per 100,000 passengers?), but what the hell. We know Ntot is about 700,000,000 passengers per year. Since those contain duplicated individuals, lets be generous and reduce the number to 100,000,000 unique passengers per year.
Let's say the government actually busted 100 bad guys last year, and kept them all secret, just to spite Bruce.
That means that TPP is about 100 * 100,000 / 100,000,000 = 0.1. There's a 10% chance that an actual criminal will be caught by the list, optimistically. If the government only made 10 busts, TPP=1%. If I were a bad guy, I wouldn't be too worried about those numbers.
From a citizen's perspective, the worth of the program is determined by a cost-benefit analysis. Is a 1-10% chance of catching a bad guy worth treating 20,000 innocent people a year as criminals?
Rhetorical question. I vote no.
The quote comes from the SETI community... "absence of evidence is not evidence of absence"
@A Real American
If profiling and other security theatre crap really worked, why does the US still have massice problems with immigration sumugging and drug smuggling? Shouldn't all of those people been caught by the same processes?
I'm sure it's been discussed here before, but perhaps they should add DOB to the list, not just firstname lastname and variants of either.
Heck, even DOB +/- 10 years would likely cut the FAR in half.
Simple name matching to suspected terrorists is silly. Why would someone, who knows he or she is on this list, bother travelling under their own name?
It's a waste of taxpayer time and money.
I don't agree with throwing up our hands and accepting a minimum level of terrorism, but I do think every measure taken should at least do something.
This one does nothing.
This might make security sense, depending on what the cost of a false match is to the person and to society as a whole. The article suggests that many people of these false alarms lead to the tagged person getting extra searching. If the cost is, say, 15 minutes of extra searches, we're looking at about 10 man-years of time (assuming 3 TSA employees plus the person tagged, and defining a man-year as 40 hours/week by 52 weeks). That's a pretty small price tag. If that's the price, and it has even a minor benefit, it might be worth it. It may be effective at scaring away dumb (but still dangerous) would-be-terrorists, it might be a good investment. Now if the price tag is 20,000 people being denied flights, or being arrested for a few hours, the numbers change.
I certainly don't have the necessary information to judge the system. I think American citizens have a right to more information so that we can judge what our government is doing. And perhaps in the absence of government giving us that information, we should assume the worst. But I can't say unequivocally that this is a bad security trade off. (Unlike the liquid restrictions, which mind-bogglingly pointless.)
i heard that Bruce is on it now too
I suggest creating a new watchdog agency just to administer the terrorist watch list and the no fly list and other such lists. It could be called the Patriotic List Agency, and they would be charged with enlarging current lists and creating new lists. Lists of suspected terrorists, lists of persons who might possibly become terrorists one day, lists of persons who voted for Nader, etc.
I feel that the current set of lists has been so successful at keeping people safe that you can never have enough of a good thing.
I think this is imply more proof that not one single actual terrorist (to my knowledge) has been caught by the no fly list. Millions of dollars, hours and stress and nada. This is government in action.
I believe the largest problem we now face is a government credibility gap. Seeing the stupidity and arrogance of the current administration, I have NO TRUST left in the government as a whole. Individual departments as a whole might actually get things done, but I repeat, I have NO CONFIDENCE in our elected leaders. They are bunch of evil, wasteful goons who purposely implement stupid, wasteful programs to get more money, more power and more secrecy.
I'm putting the entire government on my personal "No Fly" list; as in, none of their ideas "fly" with me anymore.
Bruce Schneier does not worry about the Terrorist Watch List (TWL) because he travels by quantum tunneling.
The TWL does make some sense (but needs improvement) for the surprising reason that terrorists often travel using their own name or a known alias.
Of the 9/11 hijackers, they all traveled using a valid ID or known alias, and I recall (from the 9/11 report) nine of them were selected for additional screening. Unfortunately, the screening was to prevent non-suicide/suicide bombing of an airliner. Given the hijackers intent to capture the planes and use them as guided missiles this screening had no deterrent effect.
This selection was based on CAPPS, a system which was not based on an individuals name but rather on the risk profile (not ethnic profile) of the passenger.
Regarding the tsa.gov link about how simple lighters will be allowed...
...you gotta LOVE how they explicitely separate knives/blades, lighters and clubs/bats from "Dangerous Items". If these things aren't dangerous, why are they not allowed?
@A Real American:
A man walks on the street, and sees another man, wildly waving his hands. "What are you doing?" "I am scaring away tigers." "But there are no tigers here." "See? It works!"
Interesting tidbit from the referenced article:
"Officers who encounter a person on the watch list are put in contact with an employee at the center, who then directs the officer to arrest the person or to try to get valuable details that can be reported back to intelligence agencies."
Say what? Some outsourced secudroid on the phone decides on arrest???
I can see it now:
"Your freedom is important to us. Please remained detained while our security representatives are depriving other citizens of their freedom"
@ Sez Me
I would not hold my breath waiting for the government to catch a terrorist sneaking in through security, and I say this in view of the large false positive rate. Having turned up 20,000 false positives in 2006, it was already by then SOP to treat every positive as, eventually, a false positive. Some positives were held up longer than others, but everyone was eventually let free.
Knowing that they only have to wait it out, confident that they will slip through undetected as the few true positives the system has encountered, a gang of terrorists can easily gain entry.
It is precisely because the search method in use -- indiscriminate screening -- is by nature doomed to failure that makes all this such a sad, sorry joke.
And Bruce's hunches are on the money. If they caught any terrorist, even one the FBI created so it could 'catch' him, they would spread the news far and wide, and we'd all be sick of it within the first minute.
@A Real American at July 23, 2007 03:15 PM
Well if Bruce is a traitorous wimp, then I must be one too. Heck, now that I look around, there are a lot of us.
There seem to be many facutal errors in your posting. For instance, it is widely understood that Al Qaeda was not in Iraq until we allowed them to be. Etc. etc.
"lie-berals" too, eh?
Why not stop name calling and stick to arguing the facts.
This blog and its comments have quite a good reputation of that.
"We haven't been attacked since then." - want to buy my lion-repelling rock? I haven't been eaten by a lion since I use it, so it must work.
@"A Real American"
>> Do you really think there are many 80 year old white grandmothers who hate America to try to repeat 9/11?
Google "Oklahoma City bombing," total the dead and shut your mouth. Angry white men are as dangerous as any other angry men. More so as they are more likely to have combat arms military experience and to know this society's weak spots.
>> Combined with fighting al Qaeda in Iraq so we don't have to fight them here,
Saddam did a great job of keeping al Qaeda out of Iraq until we took down the Iraqi government and invited them in. The enemy of my enemy is my friend, which only works if you don't declare war on the whole world at once.
>> I would say that the President is doing the best job he can in very difficult circumstances.
I would say that no man is above the law. I have said, repeatedly, to my Congressional representatives that the only remedy to rid America of the man who did the most to single-handedly empower Islamic fundamentalism in this century is to immediately impeach the SOB.
>> How come you and the other lie-berals like you try to sound educated on military matters
We don't need to sound educated. We ARE educated. You might try some.
>> It's a good thing we have men and women with some spine making our security decisions
Who are so afraid of being called into court to account for their actions . . . and have the spine to ignore and disrespect such fundamentals as Constitutional rights, liberty, and the freedom to speak and publish.
>> instead of traitorous wimps.
The Constitution has an exact definition of "traitor." As in giving aid and comfort to the enemies of America. I won't descend to your level -- but consider this carefully. By splitting America into two groups: the group that happens to agree with your prejudices, and the rest of us, I believe that YOU the one giving "aid and comfort to the enemy."
When I enter a TSA checkpoint, I am forced to enter a space where the enemies of America and of freedom have already won. How much more are you asking us to surrender to the specter of fundamentalism and the reality of security-as-tyranny?
This strikes me as analogous to an IDS on a network segment.
I wonder how reliable an IDS that produced that number of false positives would be considered. Perhaps the list and it's enforcement could benefit from some of the techniques used by IDS management firms to weed out false positives.
I love how they phrased the answers on the TSA site: "Lifting the ban is a common sense" or "TSA's common-sense approach". Why do I feel they suddenly feel an urge to let everyone know they have heard of common sense?
I believe Bruce has mentioned before that knowing the real *name* of the person sitting next to you on a plane is irrelevant, but knowing their *intention* is important.
And unfortunately, we can't know their intention until they make it clear.
I've often heard the argument: "How do you know you're not sitting next to Osama bin Laden?"
However, if I looked over and saw OBL in the seat next to mine, I could fall asleep, comfortable in the knowledge that this is one plane that will *NOT* come under attack by al Qaeda. He would never put his own life in danger, but only those of his followers!
And his reward just got doubled.
Sure, if bin Laden is sitting next to me I can confidently figure that Al-Qaeda won't attack the plane, but I'd be worried about the US Air Force and the police on the ground at our destination. And about the chance, if we all survived the flight, that I'd be followed around and have my mail opened, or arrested, because someone decided that the passenger sitting next to bin Laden was thus a "known associate" of his.
re Sky Harbor, news reports claim it's been wide open on the night shift for years now, but nothing has happened. Why doesn't this cause anyone to question whether maybe there really is not the danger that alarmists claim?
Or, @A Real Amurrican, it shows that the absence of intensive inspections has prevented attacks for those four years...
Blame the current administration all you want, but at least be honest that nothing is going to change no matter who wins the next election. There is not a single candidate, senator, or representative talking about abolishing the no-fly list or the TSA... or about tackling security issues instead of political feel-good theater.
Instead everyone talks about how they would do it better. This is code for: "i won't eliminate the bureaucracy we have created, I will just make it bigger."
The main problem with turning over security to a bureaucracy is that bureaucracy has no motive to do anything other than cover it's rear. If there is an airline related attack, this agency merely has to show they did everything they were told to the letter, no matter how stupid it was. If more could have been done, they would merely say they weren't empowered to do that, and a law would immediately be drafted up to bureaucratize that very thing that might have been a real security issue.
Once it is bureaucratized, it is subject to civil service, which means we hire the least qualified people, pay them the least, and then can't fire them if they do a bad job. We also can't raise tha pay of those doing a good job, creating the kind of apathy and work ethic you see at your local department of motor vehicles.
No, voters have to completely change their mindset about what they want from government, and stop voting for whomever will give them the biggest handout... whether its a targeted tax credit or social spending.
Does anyone else get the feeling that the 'president' doesn't really want OBL caught?
I mean, if you're using a boogey-man to subjugate the freedoms of your society, it wouldn't be very helpful to actually *catch* the bugger, would it?
From the TSA posting:
Q. Does your lighter need to be in a baggie since it contains liquid?
A. No. TSA's common-sense approach harmonizes with worldwide standards for lighters.
Common sense approach? Given the recent posts here about usb chargers and the "dangerous" liquids disposal, where is the common sense?
Gee... I wonder how many terrorists are going to use their real name when flying? How about zero. The value of the no fly list? ZERO. If the idiots that we have placed our trust in protecting us would simply attach a PICTURE of all these bad people, would it not eliminate the 20,000 false alarms caused by using names alone? Let's not expect for THEM to figure this out! Since we spend about 40 billion on the DHS annually, they must feel that they have to do something, anything, to at least appear that were getting our money's worth. But instead, they create ridiculous, ineffective programs that seem only to appeal to the Bush-loving morons, offers NO increase in our security, violate our constitution, and are an affront to real Americans who value, respect and wan't to protect our constitution from any further erosions caused by Osama Bin Bush and his den of terrorists.
Osama took down 2 buildings and 3000 people. Osama Bin Bush took down our constitution and killed 3600 Americans.
HMMM.... Evil twins separated at birth?
"I don't think all 19,967 of them were terrorists attempting to board planes destined for the US, but some of them very well could be."
The no-fly list only applies to flights in, to, from or over the US. This planet is not yet ruled from Washington DC, however much some people evidently think it should be.
Setting aside for the moment the comments of the pridefully ignorant Real Americans (tm), how do we fix this waste of our time and taxes?
I have zero expectation that any mechanism of our current government will act to correct at least scale back the No Fly List or other Theatre.
As a process engineer, I've found that many systems I'm expected to fix are functioning as designed, but were designed to generate an ineffective or even damaging result. These sytems can't be fixed by incremental adjustment, but instead must be completely broken to prompt examination of the design goals.
The TSA Security Theatre and other antics of this administration are disturbingly resistant to logic and facts, so pointing out inconsistiencies and ineffectiveness will have no result.
Instead, the system must be used against itself, taking the TWL system from merely annoying to completely preposterous and unworkable. I propose the following argument/changes:
IF the TSA or other govenment agency has enough evidence of terrorist linkage to put a name on the List, why are airports the only place people are screened against the list?
Shouldn't the List also be applied during traffic stops, entry in to government buildings, and any other time the public comes into contact with a government agency? Isn't it a dereliction of duties not to do so?
Get it into the courts, force the TWL screenings to be expanded as far and wide as possible. This is playing by the current administrations rules and tendancies: They can't argue against the need, since they constantly hype the risk of terrorism. The administration also can't play their well-worn National Security Secret card, as the DHS never has to reveal the List or any of the alleged evidence of terrorist connection.
Expansion of screenings is the only thing that makes sense considering the great dangers we face, no?
Most law enforcement agencies already have mechanisms in place to screen for "most wanteds". Why are we waiting for evildoers to try to get on a plane? Go get them where they live and work.
Now, all we need is a congressperson with the nards to actually lead instead of pander to propose this expansion.
They kept Cat Stevens out of the country.
We should all feel safer.
@ Alan De Smet
15 Minutes per 20 000 people, but you forgot the seconds for the 700 000 000 and the time to produce the system and keep it running.
That's 110 years (not man-years) for 700 Mio., assuming 5 seconds per passenger - about 500 manyears, alone - probably the biggest part of the whole calculation.
But wait - it's not the 5s /passenger - there is an employee waisting these 5s per passenger too:
1000 manyears that way.
I like the DOB idea. If the gov't doesn't want to guess at the DOB, even +/- 10 years, then including the date the name was added to the list would help.
My son has a common name which is on the list. We were stopped when he was an infant in 1999. Adding an exception for youth under the age of 7 won't help him any more.
But having an exception for anyone born after the date the name was added to the list or even in the 10, 15, 18, 21 years (pick a number that reflects the youngest terrorist on the list) prior to when the name was added would cut the number of false alarms.
I really enjoy reading comment boards like this one where so much is left to opinion:
"How do I know they're all false alarms? Because this administration makes a press splash with every arrest, no matter how scant the evidence is. Do you really think they would pass up a chance to tout how good the watch list is?"
Still, it would be useful to define "know" vs. "think".
@Durable Alloy: Does 1993 ring a bell? How about USS Cole?
@pecunium: I think we should impeach Hillary. She said Iraq had WMDs a lot during the 90's.
Why should we even watch airplanes? it is far easier to fly, legally, into Mexico or South America, then walk in. That's how some of the 2001 bombers did it, under Clinton's watch.
If there weren't so many idiots in the U.S., we'd all be safer. Profiling works for the Israelis, but since we are so PC, we aren't allowed to do it. Securing borders works, but we aren't allowed to do that, either. Gubment agencies sharing data (data reuse) works, but someone thought up the fallacy of "Constitutional Right to Privacy."
Here's some education about the Constitution, phrased in a way most here will understand:
The Constitution is like a firewall ruleset. Everything in the main body of the Constitution is an explicit power granted to the Federal Government. Everything in the "Bill of Rights" is, as Hamilton wrote, "various exceptions to powers not granted." In other words, they are explicit restrictions on actions the government hasn't been given the power to do anyway. The 9th Amendment is the "Default deny" clause:
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people."
So, all in all, we have NO "Constitutional Rights", only "inalienable rights." That will make some of you happy, considering it means the Government can't take away rights it didn't grant us. It will make others angry because it implies that we have certain inalienable rights endowed upon us by our Creator. Gee, I wonder whether I'd rely on rights that can't be taken away, or rights that can be taken away by judicial fiat...
If we did security right, all of the Bush haters would be screaming. Since he's not allowed (or capable, the jury is still out in my opinion), the Bush haters scream.
The funny part is that if Clinton or Gore were in office and were telling us that terrorism is a "law enforcement" matter like we heard throughout the 90's, all of the Bush haters would be more likely to die, but less likely to be angry.
Look up Jamie Gorelick.
@xrey: "And his reward just got doubled."
Ho-Hum. If they *REALLY* wanted to catch Osama and his top henchmen, they'd offer a *REAL* reward. we've spent hundreds of billions of dollars on this "war on terror", with very little to show for it in terms of top Al-Qaeda members brought to justice (or killed, which may or may not be the same thing).
Take the next special appropriation for the "War on Terror", and apply it to *actually* bringing down al-Qaeda, by shattering the web-of-trust required to maintain a clandestine operation. Say, a nice round 40 Billion. Half of that goes to fund and operate a claims-checking organization, and monitoring reward-claimants (they have to make themselves known to us, to claim a reward). The other half is for rewards: 1 Billion each for the top 10 al-Quaeda personnel takes care of half our reward-money. The remaining 10 Billion goes for the "small fry": a cool million each for any verifiable al-Qaeda operative (we have enough to pay for ten thousand of these - probably more than there are al-Qaeda members).
Sure, some terrorist-types will turn in others just to get the money - that's the point! Make it so they can't trust each other. Many will try to turn in innocent victims. That's why half the money goes to a claims-verification team.
Once somebody collects a reward, you simply keep an eye on them thereafter (heck, maybe you even offer to put them in a well-monitored "witness protection program" to protect them from reprisals).
Basically, offering more reward-money than the GNP of many small nations completely changes the dynamic.
I know, it's actually a terrible idea, a complete pipe dream. But, I honestly think it would be a better waste of our money than deliberately sending thousands of our citizens out to get killed for no perceivable benefit in terms of Imperialist Hegemony, Oil Prices, International Prestige, Domestic Affairs, or Culture in general.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.