Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« New Book: Cryptography Engineering | Main | Acrobatic Thieves »
March 24, 2010
Dead on the No-Fly List
Such "logic":
If a person on the no-fly list dies, his name could stay on the list so that the government can catch anyone trying to assume his identity.
But since a terrorist might assume anyone's identity, by the same logic we should put everyone on the no-fly list.
Otherwise, it's an interesting article on how the no-fly list works.
Posted on March 24, 2010 at 6:38 AM • 57 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Baz • March 24, 2010 7:03 AM
Why would they assume the identity of someone on the no-fly list? Wouldn't they have the sense to assume the identity of someone who /can/ fly? D'oh.
BF Skinner • March 24, 2010 7:19 AM
But they can also say "Deadman X couldn't fly and endanger us. No Fly works Senator."
Of course they could know something about the upcoming Zombie war they aren't sharing.
BatR • March 24, 2010 7:20 AM
That's assuming that someone knows that the name is on the no-fly list at the time. Someone that has been recently added or that is being "shadowed" might have no idea (and this is really the primary use of the no-fly list, as far as I can tell).
I can think of plenty of reasons why someone might attempt to assume the identity of a dead colleague if they weren't aware that the identity was compromised. For instance, if he was aware that his true identity was on the no-fly list!
BF Skinner • March 24, 2010 7:21 AM
@Bruce S "by the same logic we should put everyone "
Well we should certainly put every dead one on the list at least it'll never have to be updated.
Sounds to me like there's a bureaucratic machine involved and it's too inefficient to remove names from the list in a timely fashion. So instead of fessing up to the problems associated with bureaucratic institutions, the agency is trying to sell their inefficiencies as perks, even though such perks make absolutely no sense.
Michael Dickens • March 24, 2010 7:24 AM
Why is it that people like the TSA care so much about terrorism, yet they care so little about the hundreds of times more people who die in, say, swimming pools? Why not spend all this money hiring more and better lifeguards?
alreadyonthelist • March 24, 2010 7:35 AM
Speaking as a person on a watch list I can tell you this, it makes no sense when you are a victim of the inefficiency, the lack of information sharing, the unappealable decisions made by a hidden "team". This is very serious business and there should be judicial scrutiny of the lists. For example, I named the person on the complaint that put me on the list. No judicial review, no one represents the rights of the "accused" on watch lists. This is very ominous and just the tip of the iceberg.
mcb • March 24, 2010 7:51 AM
As a business traveler whose name was on the "selectee list" for a couple years I derive much more comfort from reinforced flight deck doors and fellow passengers empowered to take responsibility for their own security than I do the wisdom of the TSA.
Clive • March 24, 2010 7:59 AM
Actually, I find that logical: anyone trying to board a plane while dead is clearly an imposter and presumably up to no good.
However, this is actually an argument for putting all dead people on the no-fly list. The reason they can't, of course, is that the list is such a blunt instrument, with so many false positives, that almost everybody would then be ensnared.
BF Skinner • March 24, 2010 8:34 AM
@Clive "an argument for putting all dead people "
I was thinking that too Clive. Problem is names are just a label, they aren't identity (can we vote that we've beat that to death) or even descriptive. And of course there are no rules about reuse.
When my mom changed her name after her divorce her lawyer said "You don't have to go to court you can call yourself anything you want." Provisio'd "as long as there is no intent to defraud."
RealID and HSPD12 want a much more defined identity on record that can be checked.
But on the plus side -- at least dead people aren't namby pamby whiney crybabies who call their lawyer or political representative at the drop of a TSA groping.
TDL • March 24, 2010 8:35 AM
If they put all dead people on the list, we could all rest easy knowing that the flying public will be protected in the event of a zombie apocalypse.
GreenSquirrel • March 24, 2010 9:07 AM
@ Bruce
"Otherwise, it's an interesting article on how the no-fly list works"
I would contest the use of the word "works" in that sentence....
<humour/>
alessandro • March 24, 2010 9:13 AM
Why no one complaints that there are not no-train or no-metro lists? and what about "stadium-when-crowded" "no-cruise" lists?
HJohn • March 24, 2010 9:40 AM
I think the no-fly list is a mess and a waste, I want to be clear on that up front.
Having said that, Bruce, I do think this is a valid concern. It's true that a terrorist may assume someone's identity, but there is a living person that may through a wrench into that, whereas the dead don't complain too much.
I imagine two terrorist buddies, well call them Joe Jihad and Johnny bin Laden. Joe can't get a boarding pass, but Johnny can, but poor Johnny gets himself killed. It's not far fetched to think Joe may use Johnny's credentials.
That is not an argument in favor of the no-fly list, but if they are going to have it I do not think this is an unrealistic scenario.
BF Skinner • March 24, 2010 10:07 AM
Actually cruise lists (and merchant vessels crew lists) are vetted through the Coast Guard and have been since 2001.
mcb • March 24, 2010 10:15 AM
@ TDL
"If they put all dead people on the list, we could all rest easy knowing that the flying public will be protected in the event of a zombie apocalypse."
Unless a recently bit fellow flier becomes a "Zombie on a @#$% Plane!"
Clive Robinson • March 24, 2010 10:19 AM
@ Clive,
Hi, not sure who you are but you are not me 8)
@ BF Skinner,
"Well we should certainly put every dead one on the list at least it'll never have to be updated."
If all the dead go on AND it never has to be updated that means the rest of us live forever ;)
He ho I guess I'd better get a new hobby as it might need to last a while 8)
GreenSquirrel • March 24, 2010 10:22 AM
@HJohn
That sort of makes sense but isnt solved by this.
If living Johnny can get a boarding pass, he isnt on the no-fly list so unless the plan is (as previously mentioned) put all the dead onto the list nothing would change.
What this seems to imply is that they are concerned Joe and Johnny are both on the list, Johnny gets killed and (somehow) this is communicated to the US government and the dead name is removed from the list. Joe then pretends to be Johnny to get on a plane.
As to how feasible this is, well.... If it really is that easy to get off the list.....
HJohn • March 24, 2010 10:27 AM
@GreenSquirrel at March 24, 2010 10:22 AM
_________
Actually, I stand corrected. You are correct. In my pre-coffee state, I was thinking of one being on the list and the other not. Johnny wouldn't have been on the list to remove so it is not a valid analogy.
My apologies. Thank you for pointing this out.
GreenSquirrel • March 24, 2010 10:36 AM
@ HJohn at March 24, 2010 10:27 AM
---------
No problems, I am just glad to have been able to catch you out! Its very rare.
The whole thing isnt helped by the crazy ideas being pushed out by various government departments. I am (at least partly) convinced its all done to confuse people so everything starts to make sense....
</conspiracy theory>
G-man • March 24, 2010 10:58 AM
@ Posted by: at March 24, 2010 10:04 AM:
Unfortunately, I'm still on Suzy Smith's "no sleep with" list.
--------------------------
Keep trying... maybe someday you will get on her "Selectee List!"
Beta • March 24, 2010 11:05 AM
Sounds as if they're concealing the real reason: someone in TSA saw a movie in which a bad guy faked his own death. They're afraid of someone doing this to get off the list, then stealing *his own* identity! (That way he won't have to make fake ID, which is utterly impossible.) Now all we need is a law against people posing as themselves if their names are on a secret list...
HJohn • March 24, 2010 11:07 AM
@GreenSquirrel: "The whole thing isnt helped by the crazy ideas being pushed out by various government departments. I am (at least partly) convinced its all done to confuse people so everything starts to make sense...."
____________
I don't think it is deliberate. It was discussed a while back the way a system expands to include functions never inteded to be addressed. Like how drivers licenses were originally just to license driving, now they are photo ID, age verification, travel, authentication, etc. They were problematic for a long time because they were being used for a function they were not designed for.
I see that with the airline security process. It was originally set up to mitigate the risks of hijackings, people checking bombs, etc. Now it is expected to be counterterrorism, identity authentication, liquid analyzer, shoe explosive inspector, electronic device assessor, behavioral analysis, and most of them probably bought stocks in plastic silverware just before beefing up screening.
Most of it is an example of scope creep. See it everywhere. Part of it is the nature of politics--we expect our government in general and a president specifically to be a master of airline security, counterterrorism, health care, economic issues, and foriegn relations. A greatly expanded role from it's original intent. This is not to inject politics directly into the discussion, but those running airline security (and the no fly list by extension) ultimately report to those elected, who likewise become a jack of all trades but masters of none due to the broad level of responsibility placed on them (rightly or wrongly).
paul • March 24, 2010 11:08 AM
If they can vote, they should be able to fly. Or not. So does this mean that if Osama dies his body can't be shipped home for burial?
If you take this as logic rather than bafflegab, it should really be the other way around. Terrorists aren't going to assume the identity of someone they think might be on the list; that would be borrowing trouble. So the name of anyone who is dead and on the list should be removed, but the names of all the dead people who weren't on the list while alive should be added.
angus • March 24, 2010 11:22 AM
@Michael:
Because they are the *Transportation* Security Administration. Swimming pools are not their remit.
Last time I checked, nobody used swimming pools to travel (well, not very far, anyway, 50m would be about the maximum).
GreenSquirrel • March 24, 2010 11:46 AM
@ HJohn at March 24, 2010 11:07 AM
"I don't think it is deliberate. It was discussed a while back the way a system expands to include functions never inteded to be addressed. Like how drivers licenses were originally just to license driving, now they are photo ID, age verification, travel, authentication, etc. They were problematic for a long time because they were being used for a function they were not designed for."
------------------
I remember previous discussion on this topic.
I sort of agree and I do think that, generally, most government agencies are far from Orwellian or even clever enough to have such plans behind the scenes. They are certainly never secretive enough to stop this information leaking.
<conspiracy theorist voice>
However, when we find ourselves saying this over and over, justifying more and more with it, then maybe its a sign....
We are already at the point where no two people can actually agree on why a policy is inplace, and it seems more people are starting to think "it must make sense" simply because its too convoluted to keep track of....
</conspiracy theorist voice>
GreenSquirrel • March 24, 2010 11:52 AM
I hate myself for having read this on the UK "newspaper" The Sun's website but this might be of interest:
http://www.thesun.co.uk/sol/homepage/news/...
"A HEATHROW security man was quizzed by police after ogling a girl colleague "naked" in a new anti-terror body scanner.
Jo Margetson, 29, reported John Laker, 25, after he took her picture with the X-ray gadget and made a lewd comment."
It will be interesting to see what, if any, outrage comes of this (it is The Sun after all) but its saddening to see the despicable Keith Vaz getting his oar in quickly....
I need to go and take a shower now.
I love all of the "may"s in the last paragraph. They "may" be screened more. They "may" be watched on cameras...
So basically, being on the no fly list is identical to being not on it =p
Ali • March 24, 2010 12:01 PM
The way I understand this is that if "someone is on the no-fly list and tries to board a plane to get out of the US then they cant because they are suspected terrorists" Am I correct?
If I am then it means that 'if' the no-fly list really works then US will gradually retain more terrorists (dead or alive) than other countries, as terrorists wont be able to get out of there. Leave that for a couple of hundred years and the US will be like 99.9% full of terrorists. Then they can all be nuked and done away with. Terrorism sorted!
HJohn • March 24, 2010 12:02 PM
@GreenSquirrel: I remember previous discussion on this topic.
__________
LOL. I lose track some times. As a veteran auditor at the Department of Redundancy Department, I should be more careful not to repeat the frequent repeated conversatations I have frequently. ;)
Okay, now I'm just being goofy. :)
Seriously, I agree with you that much of their true agenda is unstated. People may focus so much on what they don't understand, much of which is garble, that it gives them a bit of a pass on what is truly problematic. In other words, the confusion provides cover.
GreenSquirrel • March 24, 2010 12:07 PM
Please forgive me for this but I have found something else in The Sun (scum) newspaper that seems relevant an interesting.
http://www.thesun.co.uk/sol/homepage/news/...
"FEMALE suicide bombers are being fitted with exploding breast implants which are almost impossible to detect, British spies have reportedly discovered.
The shocking new al-Qaeda tactic involves radical doctors inserting the explosives in women's breasts during plastic surgery — making them "virtually impossible to detect by the usual airport scanning machines".
It is believed the doctors have been trained at some of Britain's leading teaching hospitals before returning to their own countries to perform the surgical procedures.
MI5 has also discovered that extremists are inserting the explosives into the buttocks of some male suicide bombers. "
_____________________
Is anyone surprised the Evil Terrorists have already thought of a way to defeat our latest and greatest technological "security" (*) measure? This is so good it even hits at profiling, given that most supporters of profiling seem to assume Middle Eastern men should be prime targets....
So we have a new, intrusive security measure that is used by perverts and which blatantly fails to combat the now "known" terrorist attack plans...
What next? Will all women have to subject themselves to breast inspections? I am available at short notice should this ever be required...
______________
(*) yes, they are sneer quotes, just like when I call the Scum a "newspaper."
GreenSquirrel • March 24, 2010 12:08 PM
@HJohn
"Okay, now I'm just being goofy. :) "
People should be goofy more often. This is the internet and its boring if we take it too seriously!
That said, Mickey might get jealous if we are all goofy...
BF Skinner • March 24, 2010 12:17 PM
@GreenSquirel "no two people can actually agree on why a policy is inplace"
I think we're a step farther back than that and have to deal first with "two people agree on WHAT a policy means".
Policies are written, deliberately, generally in nature so they can be broad in scope and apply to the most cases.
Leaves a lot of wiggle room that.
If only there was some sort of big brainy thing that we could do to you know lay out all the details, compare to other thingys, measure stuff and communicate that in a clear declarative form of idea conveyance....
NobodySpecial • March 24, 2010 12:47 PM
@GreenSquirrel
Can I be the first to start a story that suicide bombers are putting explosives in penile implants. These can only be detected because they don't 'react' when expertly manipulated by attractive female agents.
It beats having to take your shoes off.
NobodySpecial • March 24, 2010 12:52 PM
"If a person on the no-fly list dies, his name could stay on the list so that the government can catch anyone trying to assume his identity."
A bit unfair on the Dalai Llama !
wrecks • March 24, 2010 1:00 PM
I thought I was getting old and people were naming their babies really odd names with strange spellings. Now I see it is just a way of allowing your kids to fly. Adopt and survive.
GreenSquirrel • March 24, 2010 1:13 PM
@ Nobody Special
You owe a new keyboard and monitor for both of those comments.
That said I am tempted to send an anonymous tip regarding the penisbomb....
alessandro • March 24, 2010 1:26 PM
"cruise lists [...] are vetted through the Coast Guard and have been since 2001."
to be honest, I don't know if I am more surprised by the existence of a no-cruise list, or because there is Yet Another Office dealing with black lists.
unless, of course, the two lists are synchronised... because there can't be water-terrorists which are not air-terrorists...right?
HJohn • March 24, 2010 1:32 PM
@alessandro: "unless, of course, the two lists are synchronised... because there can't be water-terrorists which are not air-terrorists...right?"
____________
To be fair, I don't know that it is so much of a "black list" on cruises. I'm a frequent cruiser, and not only do most cruises go to other countries, not to mention there is no enforcement of making people return to the ship (nor should their be).
Bottom line, a cruise would be an excellent way for someone to get out of the country. Most countries control who leaves (and enters) their borders.
Leibovich • March 24, 2010 3:16 PM
The logic is simple. It is much easier to assume a dead man identity than a living one.
Nostromo • March 24, 2010 3:20 PM
Yes, we can all laugh at the idiocy of the bureaucracy.
But it's not funny for the thousands of people who have no connection with terrorism, yet are on the no-fly list. Let's stop treating this as a joke, folks. The politicians who can stop this need to feel the heat. Please stop voting for candidates who won't pledge to scrap the no-fly list - and if you can, work for the campaign teams of candidates who do promise to scrap it. Or give them money.
NobodySpecial • March 24, 2010 5:18 PM
@alessandro
Just to make it worse they cracked down on enforcing the no-cruise list.
They want to enforce checks every time someone boards and it applies to crew.
So you are running a little tug pushing barges around the mississippi somewhere you now have to have a computer and 3G link to swipe and record the ID card of every deckhand every time they hop on and off the boat. Compliance is expected to be 'a problem'.
@Nostromo
We don't get to vote for them. The TSA is now enforcing no fly lists for non-US carriers that fly (or might fly) into US airspace. So if you are flying from the UK to Canada your details are recorded in case the plane is stacked and crosses the border.
There is a proposal to extend this to all carriers, which means Canadians will be banned from flying between most Canadian cities if their name matches the list.
Snarki, child of Loki • March 24, 2010 5:37 PM
@Michael Dickens: "Why is it that people like the TSA care so much about terrorism, yet they care so little about the hundreds of times more people who die in, say, swimming pools? "
You mean you didn't know that all swimming pools are already on the no-fly list? Security theater is what TSA does best!
qoq • March 24, 2010 6:52 PM
Now there are 3 things certain in life: death, taxes, and not getting off the no-fly list.
Gary • March 24, 2010 6:57 PM
Is it a person on the no-fly list or an identity ? If, for example, you knew a bunch of forged passports had been made with the intent of assassinating someone (far-fetched, I know), then wouldn't it make sense to have those identities on the no-fly list (or a watch list).
Doesn't make a difference whether the person who's name is on the passport is alive, dead or never existed.
Nobody • March 24, 2010 10:27 PM
@ Gary
The have listed the passports on interpols watch list.
Unfortunately the passports were copied from real (innocent) people - at least in the case of the British ones - hope they don't plan on travelling much.
William The Conqueror • March 25, 2010 2:28 AM
Does this mean I am no longer eligible for my Frequent Flier miles?
GreenSquirrel • March 25, 2010 5:56 AM
@ Leibovich at March 24, 2010 3:16 PM
"The logic is simple. It is much easier to assume a dead man identity than a living one."
Even if that is the case (and I have no reason to say one way or another), there is no logic here, unless the current situation is that the no-fly list is constantly checked to find out who is, and who isnt dead so they can remove the dead from the list.
Given the difficulty living people have for getting off the list, and the difficulty in finding out if Person X (who is believed to have met a terrorist at some point in their life) is dead and matches the person on the list, so it can be removed, it seems bizarre that this has even come up.
Bizarre enough that, just like pretty much everything else the TSA generate, it should be ridiculed constantly.
Mockery is too good for the TSA.
Alexander the Great • March 25, 2010 7:11 AM
"Does this mean I am no longer eligible for my Frequent Flier miles?"
Stop whingeing, Willy old boy. It happens to everyone. At least you're not in the dire position of the other famous Willy - he has to put up with re-runs of Hamlet, The Tempest, King Lear, King Richard the Second, and the Third, and King John,and all the while it's all much ado about nothing! He doesn't have any time to worry about his Frequent Flier miles!
Socrates • March 25, 2010 7:23 AM
At least, sir Alexander the Great, you haven't had to drink a cup of hemlock just to shut the government up! Gah!!! Still can't get the taste of it out of my mouth! I'll bet Continental still serve it on request, do they?
( an inspiration later )
I have found it! TSA is the new Pan Am!!! As Pan Am is the Microsoft of our times!
Travis • March 25, 2010 8:08 AM
It actually makes sense. If deceased are removed from the list, then the living simply need to assume that identity to get a free pass.
Mark • March 25, 2010 3:28 PM
@paul
If they can vote, they should be able to fly. Or not. So does this mean that if Osama dies his body can't be shipped home for burial?
With many planes the worst place to have an explosion is one of the cargo holds.
It's also possible to hide a rather large bomb in a dead body. An even bigger one in a coffin/casket which dosn't contain a body at all.
Mark • March 25, 2010 3:37 PM
@Michael Dickens
Why is it that people like the TSA care so much about terrorism, yet they care so little about the hundreds of times more people who die in, say, swimming pools? Why not spend all this money hiring more and better lifeguards?
Or given that the T stands for Transport it would make more sense to be concerned about road deaths.
I'm not sure that the TSA are much good at stopping terrorism. Dr George Tiller being a notable victim of a terrorist attack in the US last June.
Andrew Garland • March 26, 2010 12:10 AM
A terror attack on an airplane is horrible, but a publicity attack against the TSA is unthinkable. Say they drop the name of a dead man from the list (or really, any name), then someone assumes that identity and commits any infraction worthy of publicity. The headline would be "TSA drops name from list just before it is used for illegal purposes". The TSA could not tolerate that outcome.
This attack on the TSA's reputation relies on the false notion that it is extreme incompetence to "let the name slip through their fingers", rather than just the ordinary failure to catch someone who is not on the list.
This is a variation on the bureacratic requirement to defend against all prior types of attack, even if this impairs defending against new types. The public accusation would be "you already knew about this type of attack, yet still allowed it to happen".
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M J
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments