Schneier on Security
A blog covering security and security technology.
« Terrorists and Border ID Systems |
| Fingerprinting Students »
January 8, 2005
Terrorism False Positives
Security systems fail in two different ways. The first is the obvious one: they fail to detect, stop, catch, or whatever, the bad guys. The second is more common, and often more important: they wrongly detect, stop, catch, or whatever, an innocent person. This story is from the New Zealand Herald:
A New Zealand resident who sent $5000 to his ill uncle in India had the money frozen for nearly a month because his name matched that of several men on a terrorist watch list.
Because there are far more innocent people than guilty ones, this second type of error is far more common than the first type. Security is always a trade-off, and when you're trading off positives and negatives, you have to look at these sorts of things.
Posted on January 8, 2005 at 8:00 AM
• 6 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Interesting post. Personal names are a great follow-up to your recent post on the failings of the US border ID system:
If I read this article correctly, Western Union says it can take their legal team up to four weeks to clear someone's name. In this case it appears that they investigated the source of money (Mohammad Abbas), but not the destination (a man in an Indian hospital desperately in need of a transplant). The article definitely makes one wonder if there could be a better way, such that Western Union could avoid *increasing* risk to customers while still trying to comply with anti-terrorism regulations.
With regard to false positives the Transactional Records Access Clearinghouse (TRAC) at Syracuse University reports that US federal investigators have prosecuted more than 6,400 people from 2001 to 2003 to "prevent or disrupt potential or actual terrorist threats". Only five have been sentenced to twenty years or more in prison, while the median sentence is just 14 days. The number of defendants sentenced to five or more years in prison for terrorism actually declined from pre-9/11. It's a fasinating study that asks many pointed questions about US anti-terrorism and criminal enforcement:
The FBI "terrorist" statistics reportedly include a widely varying assortment of criminal violations. For example, I would guess that it certainly covers cases like those of William Krar, Judith Bruey and Edward Feltus, members of the American militia who were caught hiding a fully functional sodium cyanide bomb (WMD) in East Texas: http://cbs11tv.com/investigations/...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.