Schneier on Security

"algorithm-detection software"? That's clever...

Elmegrahi and Tereshchuk did not have pilot's licenses. Elmegrahi was an aircraft dispatcher, while Tereshchuk was a student pilot, which is quite different from being a certified pilot.

Tabib did have a pilot's license, but I don't think his offense of export control violation qualifies as terrorism.

So in none of these three cases did they actually revoke a terrorist's pilot license.

@Mark: Certainly, without their software it would take weeks sifting through data to determine if an algorithm is present...

I once turned down a job at a company that was hot to hire - they were trying to crowd source leads on terrorism and get a DHS grant for this stuff.

The idea was this: any time anyone reports anyone as being suspicious, the suspect's information goes in the database, and the suspect's precedence is upgraded. Needless to say it's an idea that was conceived by a bunch of white guys who spent their whole lives in the suburbs.

I sat for 15 minutes and then asked the man funding it what the world would be like if we put a tail on him every time some white lady felt uncomfortable around a man with dark skin.

"Uncommon" names?

"Uncommon" means "foreign-sounding"

SELECT name FROM certifiedPilots WHERE address='PO Box. 1234' ORDER BY likelyhoodToHijackAnAirplane DESC;

@Bruce:
See 14 CFR 61.18 for "security disqualification" if the TSA says someone is a threat.

I would imagine it to be like the Bar Association, where there is enough discretion in the organisation to serve the public good in this matter.

"It used its algorithm-detection software to sift out uncommon names such as Abdelbaset Ali Elmegrahi, aka the Lockerbie bomber."

Okay, so they search fo that name. Strange how Google only turns up 263 hits for it and almost all of those hits seem to refer to that article.

Meanwhile, searching on the name "Al Megrahi" gets you a lot more hits.

"Elmegrahi, who had been posted on the FBI Most Wanted list for a decade and was convicted of blowing up Pan Am Flight 103, killing 259 people in 1988 over Lockerbie, Scotland."

So they searched on that name and found that name and he's a bad guy ... who's been in prison for a while but was recently released because he probably only has 3 months to live.

Yes, this is a press release. And not a particularly good one, either.

In addition to 14 CFR sec. 61.18, which @Pilot mentioned, there's some fairly clearly written background information on the procedures here: http://www.aerolegalservices.com/Articles/...

Also, 49 USC sec. 46111 grants a right to a hearing (to U.S. citizens) and discusses the hearing procedure. http://www.law.cornell.edu/uscode/html/uscode49/...

> "algorithm-detection software"? That's clever...

It detects names which sound like Abū ʿAbdallāh Muḥammad ibn Mūsā al-Khwārizmi

Maybe we should just arrest anyone who applies for a pilot's license? Or redirect their check flight to Gitmo?

I wonder if their "algorithm-detection" software can distinguish a hash digest from a random oracle.

I mean, that's "algorithm-detection", right?

Bruce,

Unfortunately, the airman security branch is allowed to do whatever it wants to do, with very little recourse...and any appeal you might eventually get is to an FAA administrative 'judge.'

There really is no due process when dealing with the Administration.

For instance, when those hapless pilots overshot MSP a few weeks ago, despite already being suspended by their employer, they felt the need to rush out and revoke their ATP certificates.

Completely useless, of course, as they weren't going to be flying anyway, and they could have followed the normal disciplinary procedures.

Generally, when the Administration (which is barely capable the rest of the time) does something like this, it's only a reaction to bad press, or the possibility of bad press, and they're trying to avoid having to explain themselves to Congress again.

It's all for show (but we must "do something"), and almost never for security. Of course, a hijacker or bomber is never going to be ramp checked.

Heh:) The only part missing is to start checking for FAA pilot license every time somebody climbs into cockpit.

It's not even security theatre. It's security comic club.

The pilit licenses are not much different from drivers licenses... having no license does not prevent somebody from getting into a car and driving. (And FAA plastic is quite simpler to forge... it doesn't even have photo).

The only use of that "FAA de-certification" is to tell airlines not to hire these people. As if they'd be hiring Lybian guys without verifiable resume and hundreds of hours logged in US - and forgo security checks needed to issue them passes to sterile zone.

As for GA... nobody checks your pilot license when you get into a/c. Few places renting GA a/c would bother to check if the plastic card is valid.

"The Lockerbie bomber" claims he's innocent, and he has some arguments. I won't get into this, except to say that there's a doubt. I think the software company could have found a better example.

>As for GA... nobody checks your pilot
>license when you get into a/c. Few
>places renting GA a/c would bother to
>check if the plastic card is valid.

Good for me, but I got a chuckle once when I rented a car and the rental agent let me know my license was expired as he handed me the paperwork and keys.

>I won't get into this, except to say that
>there's a doubt.

There is always doubt. The question is whether it's reasonable or not.

Justice, like security, will always be fallible, because it deals with and is dealt by humans.

So some people who were already in prison or otherwise completely visible to a criminal background check got noticed when their data was in an FAA database? How useful.

What would be more interesting to me is unravelling the history of those database entries, to figure out if the paper in question was legitimately acquired by the actual baddies pre-conviction, or shows some holes in the data-entry process.

@Pete Kirkham:

I'm glad to see somebody else remembered where the word 'algorithm' actually came from.

"It detects names which sound like Abū ʿAbdallāh Muḥammad ibn Mūsā al-Khwārizmi"

But officer it's only SPELLED S-M-I-T-H it's PRONOUNCED Abū ʿAbdallāh Muḥammad ibn Mūsā al-Khwārizmi it's PRONOUNCED."

More security theatre...it's embarrassing (and equally worrying) that the FAA thinks that this makes the skies "safer"

You really start to question the collective intelligence of some agencies...

"detection software to sift out uncommon names such as Abdelbaset Ali Elmegrahi"

... Or people like Massoud Simnad who developed fuel rods for General Atomics, or Massad Ayoub who is a well regarded law enforcement officer and defensive firearms expert and instructor, or General John Abizaid, or President Barack Hussein Obama.....

..Or my wife, who was born in Pakistan and has an "unusual name" and flies both the US and Gadsen flags, and screams things like "WHY DO THEY WANT TO MAKE THIS COUNTRY LIKE FRANCE" at the television, more often than not....

Skinner:

Actually its "Throat Warbler Mangrove"...

>>I won't get into this, except to say that
>>there's a doubt.

>There is always doubt. The question is
>whether it's reasonable or not.
In the Pan Am 103 case, there is a lot of doubt. Many of the British families of the deceased have very substantial doubts that the right person - indeed, the right country - is on trial.

Unfortunately, that sounds like a conspiracy theory, but the doubting families, led by Dr. Jim Swire, are not your usual bunch of whackjobs.

The other thing to note is that the diversity of Islamic names is substantially less than that of Western names, especially for a country like the US which has several naming traditions. In much of the Muslim world, you hardly *have* a family name (a tradition shared with that well-known terrorist haven, Iceland). So false positives are way more likely.