Secure Flight

Last Friday the GAO issued a new report on Secure Flight. It’s couched in friendly language, but it’s not good:

During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA's use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used. However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA's actions, the public did not receive the full protections of the Privacy Act.

Get that? The TSA violated federal law when it secretly expanded Secure Flight’s use of commercial data about passengers. It also lied to Congress and the public about it.

Much of this isn't new. Last month we learned that:

The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers -- even though officials said they wouldn't do it and Congress told them not to.

Secure Flight is a disaster in every way. The TSA has been operating with complete disregard for the law or Congress. It has lied to pretty much everyone. And it is turning Secure Flight from a simple program to match airline passengers against terrorist watch lists into a complex program that compiles dossiers on passengers in order to give them some kind of score indicating the likelihood that they are a terrorist.

Which is exactly what it was not supposed to do in the first place.

Let's review:

For those who have not been following along, Secure Flight is the follow-on to CAPPS-I. (CAPPS stands for Computer Assisted Passenger Pre-Screening.) CAPPS-I has been in place since 1997, and is a simple system to match airplane passengers to a terrorist watch list. A follow-on system, CAPPS-II, was proposed last year. That complicated system would have given every traveler a risk score based on information in government and commercial databases. There was a huge public outcry over the invasiveness of the system, and it was cancelled over the summer. Secure Flight is the new follow-on system to CAPPS-I.

EPIC has more background information.

Back in January, Secure Flight was intended to just be a more efficient system of matching airline passengers with terrorist watch lists.

I am on a working group that is looking at the security and privacy implications of Secure Flight. Before joining the group I signed an NDA agreeing not to disclose any information learned within the group, and to not talk about deliberations within the group. But there's no reason to believe that the TSA is lying to us any less than they're lying to Congress, and there's nothing I learned within the working group that I wish I could talk about. Everything I say here comes from public documents.

In January I gave some general conclusions about Secure Flight. These have not changed.

One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else's ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It's just too easy to say: "As long as you've got this system that watches out for terrorists, how about also looking for this list of drug dealers...and by the way, we've got the Super Bowl to worry about too." Once Secure Flight gets built, all it'll take is a new law and we'll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

What has changed is the scope of Secure Flight. First, it started using data from commercial sources, like Acxiom. (The details are even worse.) Technically, they're testing the use of commercial data, but it's still a violation. Even the DHS started investigating:

The Department of Homeland Security's top privacy official said Wednesday that she is investigating whether the agency's airline passenger screening program has violated federal privacy laws by failing to properly disclose its mission.

The privacy officer, Nuala O'Connor Kelly, said the review will focus on whether the program's use of commercial databases and other details were properly disclosed to the public.

The TSA's response to being caught violating their own Privacy Act statements? Revise them:

According to previous official notices, TSA had said it would not store commercial data about airline passengers.

The Privacy Act of 1974 prohibits the government from keeping a secret database. It also requires agencies to make official statements on the impact of their record keeping on privacy.

The TSA revealed its use of commercial data in a revised Privacy Act statement to be published in the Federal Register on Wednesday.

TSA spokesman Mark Hatfield said the program was being developed with a commitment to privacy, and that it was routine to change Privacy Act statements during testing.

Actually, it's not. And it's better to change the Privacy Act statement before violating the old one. Changing it after the fact just looks bad.

The point of Secure Flight match airline passengers against lists of suspected terrorists. But the vast majority of people flagged by this list simply have the same name, or a similar name, as the suspected terrorist: Ted Kennedy and Cat Stevens are two famous examples. The question is whether combining commercial data with the PNR (Passenger Name Record) supplied by the airline could reduce this false-positive problem. Maybe knowing the passenger's address, or phone number, or date of birth, could reduce false positives. Or maybe not; it depends what data is on the terrorist lists. In any case, it’s certainly a smart thing to test.

But using commercial data has serious privacy implications, which is why Congress mandated all sorts of rules surrounding the TSA testing of commercial data -- and more rules before it could deploy a final system -- rules that the TSA has decided it can ignore completely.

Commercial data had another use under CAPPS-II In that now-dead program, every passenger would be subjected to a computerized background check to determine their "risk" to airline safety. The system would assign a risk score based on commercial data: their credit rating, how recently they moved, what kind of job they had, etc. This capability was removed from Secure Flight, but now it's back:

The government will try to determine whether commercial data can be used to detect terrorist "sleeper cells" when it checks airline passengers against watch lists, the official running the project says....

Justin Oberman, in charge of Secure Flight at TSA, said the agency intends to do more testing of commercial data to see if it will help identify known or suspected terrorists not on the watch lists.

"We are trying to use commercial data to verify the identities of people who fly because we are not going to rely on the watch list," he said. "If we just rise and fall on the watch list, it's not adequate."

Also this Congressional hearing (emphasis mine):

THOMPSON: There are a couple of questions I'd like to get answered in my mind about Secure Flight. Would Secure Flight pick up a person with strong community roots but who is in a terrorist sleeper cell or would a person have to be a known terrorist in order for Secure Flight to pick him up?

OBERMAN: Let me answer that this way: It will identify people who are known or suspected terrorists contained in the terrorist screening database, and it ought to be able to identify people who may not be on the watch list. It ought to be able to do that. We're not in a position today to say that it does, but we think it's absolutely critical that it be able to do that.

And so we are conducting this test of commercially available data to get at that exact issue.: Very difficult to do, generally. It's particularly difficult to do when you have a system that transports 1.8 million people a day on 30,000 flights at 450 airports. That is a very high bar to get over.

It's also very difficult to do with a threat described just like you described it, which is somebody who has sort of burrowed themselves into society and is not readily apparent to us when they're walking through the airport. And so I cannot stress enough how important we think it is that it be able to have that functionality. And that's precisely the reason we have been conducting this ommercial data test, why we've extended the testing period and why we're very hopeful that the results will prove fruitful to us so that we can then come up here, brief them to you and explain to you why we need to include that in the system.

My fear is that TSA has already decided that they’re going to use commercial data, regardless of any test results. And once you have commercial data, why not build a dossier on every passenger and give them a risk score? So we're back to CAPPS-II, the very system Congress killed last summer. Actually, we're very close to TIA (Total/Terrorism Information Awareness), that vast spy-on-everyone data-mining program that Congress killed in 2003 because it was just too invasive.

Secure Flight is a mess in lots of other ways, too. A March GAO report said that Secure Flight had not met nine out of the ten conditions mandated by Congress before TSA could spend money on implementing the program. (If you haven't read this report, it's pretty scathing.) The redress problem -- helping people who cannot fly because they share a name with a terrorist -- is not getting any better. And Secure Flight is behind schedule and over budget.

It's also a rogue program that is operating in flagrant disregard for the law. It can’t be killed completely; the Intelligence Reform and Terrorism Prevention Act of 2004 mandates that TSA implement a program of passenger prescreening. And until we have Secure Flight, airlines will still be matching passenger names with terrorist watch lists under the CAPPS-I program. But it needs some serious public scrutiny.

EDITED TO ADD: Anita Ramasastry's commentary is worth reading.

Posted on July 24, 2005 at 9:10 PM • 31 Comments

Comments

PaulJuly 24, 2005 9:59 PM

Maybe if we all work at it, we can get "them" to leverage all the resources of the Department of Homeland Security and screen passengers against the FBI's profiles of active cases. After all, that could be a wanted murderer sitting next to you on the plane, and criminal profiling has a long history. And he could have an outstanding ticket for speeding. Or parking in the white zone, which is for loading and unloading passengers only.

Too bad I can't spell "facetious".

When it comes to security, it takes real guts and leadership skills to be able to say, "This is as far as we're taking it, and no farther." Because every additional step has its advocates saying that they can make everyone just that little bit safer.

Would any of the tools being proposed have caught any of the serial killers of recent memory? (Not that serial killers are known for doing as much flying as terrorists, but that's not the point.) And if we can't identify serial killers, how can we identify parallel killers?

Then, if we had the capability to identify terrorists out of a crowd of people presenting themselves at an airport, why not simply wash the entire population through the algorithm on a regular basis and let the secret police (sorry, I mean the anti-terrorism squads) study in more detail those it deems necessary. Profiles are just that: a silhouette, not a picture. They identify broad groups of the population for further scrutiny. They aren't evil of themselves, but they simply aren't good at pinpointing specific individuals.

I suspect the goal has to shift from one of preventing certain people from flying to one of limiting any opportunities for terrorist acts during any given flight. (This isn't to say that suspected terrorists should be given free reign, but rather that we shouldn't be expecting algorithmic solutions to identify wrongdoers among the general population.)

Neil BelskyJuly 24, 2005 10:30 PM

I worked for the T.S.A.
Nothing about them suprises me.
Corner me and I'll tell you about "Training"
and the people who died or went nuts during it.

Rob MayfieldJuly 24, 2005 11:15 PM

We often ack that security is about tradeoffs and this is an excellent example of where that tradeoff can go horribly wrong. The cure that secure flight offers appears far worse than the disease.

They deceive, they mock the law, they treat the government with contempt - all in the name of protecting your way of life. No doubt they justify it with thoughts of desperate times requiring desperate measures. You have to ask whether they any better than the people they are allegedly protecting you from.

I imagine that after several generations of the solution with varying degrees of success, other countries like Australia will follow. The starting point and generations will no doubt appear strangely familair; too often we seem to learn only from our own mistakes ...

Davi OttenheimerJuly 25, 2005 12:32 AM

Excellent write-up.

It seems to me that common sense should lead the US Administration to conclude that the best chance of catching terrorists is via highly-trained experts who are well versed in security trade-offs. Perhaps there is a way to empower middle-tier administrators to make intelligent decisions and strengthen their network. We would be fools to think that tools and raw data can help without an intelligent operator, or input from a skilled and representative group. Thus, an even better strategy is to take advantage of existing qualified and trusted people within communities who are capable of detecting anomaly and willing to report it (because it actually makes them safer -- like neighborhood crime watch).

Neither of these scenarios has anything to do with how to stop the Administration from lying to public/Congress or breaking the law. But perhaps we can at least dispense with the idea of buying huge repositories of faulty commercial data and using some sort of *magical* algorithms to automatically detect and report probabilities of terrorism.

Anyone who has ever had the displeasure of working on CRM systems knows exactly what I am talking about. Consultants promise amazing results in a short time that might even justify extra-legal means to achieve miraculous ends. Instead the private sector struggles with cost-overruns and lack of performance from "total awareness" systems that do little more than increase the complexity/cost of operations and seriously magnify real risk to the corporation (due to breaches). In other words, if the private sector experience tells us anything, these information assets actually could undermine security more than provide awareness as they become a focal point for abuse and exploitation.

But, back to the US government approach to anti-terror technology programs, The Register put nicely when they reported on the FBI approach to the Madrid bombings:

http://www.theregister.co.uk/2004/05/28/terror_technology/

"The FBI's blunders reflect a change in criminal investigation procedures since computers began to play a significant part of detective work. Policing now involves aggregating vast silos of digital information in the belief that some clever software robot can be unleashed later, to make sense of it all. Intuition and common sense have been correspondingly downgraded, and that's a real loss."

The Register also includes an insightful quote from the New York Times, that further shows raw data accumulation and dry correlation are nothing without human judgement as well as meaningful context:

"Ibrahim Hooper, spokesman for the Council on American-Islamic Relations points out that, 'it becomes the whole Kevin Bacon game — no Muslim is more than six degrees away from terrorism.' SRD's software, Maynes tells us, can find relationships 'at up to 30 degrees of separation" which proves that if nothing else, the CIA will have a new definition of tenuous.'"

Sounds like a gaggle of Consultants on Capital Hill looking to get a piece of the anti-terror budget, coupled with ultra-arrogant politicians who seem to be gifted with a blatant disregard for US law, all awash in fear and flailing unintelligently for quick solutions to a problem neither of them really understand.

Remember the guy who murdered his neighbors, and then entered into the US even though he arrived at the border with the blood-stained chainsaw and a bunch of other weapons? Sure they took his weapons away, and he was only a cold-blooded murderer as opposed to an Al-Qaeda operative. But here is a case of a man covered in blood and border officers who apparently do not bother to ask a single question to identify a risk and alert authorities.

http://news.bbc.co.uk/2/hi/americas/4072746.stm

SecureFlight appears to just reduce freedom and liberties of the innocent while ignoring day-to-day procedures that really matter to security, leaving the US less secure with systems open to simple evasion or abuse.

Mark El-WakilJuly 25, 2005 12:39 AM

There's no point in having a centralized database like this when the criteria behind what constitutes a terrorist may change.

So, the next time we go into a South American country, do immigrants from that country get a bump in their "terrorist-possibility-level?" How about African countries? Finally, how about militia? Does living in Montana increase your "terrorist level" in comparison to living in Pennsylvania?

Or does this only apply to "foreign" terrorism?

For that matter, how do we validate that this information is correct? We can't even get proper information on whether or not people can vote (look at how many people got disqualified as felons in Florida in 2004).

Finally, how do we make sure that nobody is bribed into bumping specific names lower on the terrorist watch list? And for that matter, how do we know that they'll handle the information responsibly and not put opponents of the TSA's political agenda as ranked higher?

They haven't proven themselves trustworthy so far. Why should we continue to trust them at all?

This is such an incredibly bad idea. It's too corruptable, ineffective, too static, and an invasion of privacy.

-----

On a side note, Bruce's interview in Turnnow was so incredibly apt when he said:

"Modern mass media has degraded our sense of natural risk, by magnifying the rare and spectacular and downplaying the common and ordinary. If we're wired to make our security trade-offs based on our sensory inputs, media gives us a wildly skewed view of the world. It's why people fear airplane crashes and not car crashes, even though the risk from the latter is considerably higher."

I know this is very leftist, but from a saving lives standpoint, shouldn't the government be spending money in proportion to number of lives saved? I imagine in that case, AIDS / Cancer research funding would go way up, and antiterrorism budgeting would go way down.

Thoughts / opinions are welcome.

PaulJuly 25, 2005 1:49 AM

@ Mark, " I imagine in that case, AIDS / Cancer research funding would go way up ..."

I'd hate to be the one to break the news, but on that scale AIDS research would be overfunded by a long shot. Yes, it's a populist research target, but way out of scale by the number of people affected. Unless, of course, you happen to think that education is itself a disease to be cured by funding; then we've got competing diseases which result in the same mortality. (For those who don't follow: where AIDS mortality is high, education is relatively low. If you address the education disease, the AIDS mortality will also be addressed.)

The unfortunate reality is that some diseases (in the broadest possible sense) cost a whole lot more per life saved than others. Should we simply not address the "expensive" diseases? The article(s) in Forbes (I believe it was June 20, for those who care) was informative, but most emphatically not definitve. Addressing disease solely by price of life saved is not an acceptable approach to medicine.

Or, to put the question more simply, should we simply refuse to treat the aged because the life-years saved are few?

Even more difficult for the bureaucratically minded: many lives saved cannot be quantified. How many lives have been saved by the "anti-drunk driving" campaigns?

No. Spending money purely in relation to somebody's artificial quantification of "lives saved" is not an acceptable criterion.

BryanJuly 25, 2005 2:51 AM

Bruce,

thanks for the write-up. Well done!

I've become pretty fed-up with the security mania surrounding our air travel industry since 9/11. Personally I believe the strengthening of cockpit doors and locks, as well as increased security posture & incident response training for aircrews and controllers, was the proper & proportionate response to 9/11 type threats. We could have left well enough alone after that.

I'm going to be writing to my Representative and Senators about this, and I think more people here should consider doing the same. It is time for 'cooler heads' to start speaking up. COntrary to popular belief, the American public isn't stupid: give 'em the straight dope!

PaulJuly 25, 2005 3:36 AM

Mark:

Just a little comment on your 'the next time we go into a South American country, or what about Africa' comment.

We've already been all ove SA, all ove SE Asia, and more than likely all over Africa. And we don't see terrorists or terror-attacks from these people. Don't be so quick to blame America for the terrorists. We are at war with a brand of Islam that wants all 'infidels' converted or dead. Plain and simple.

First PaulJuly 25, 2005 4:17 AM

Ahh, yes. The 3:36 comment is by a different "Paul" than the prior "Paul" comments. That ought'a keep things simple, eh?

NelCJuly 25, 2005 5:15 AM

2nd Paul, it's plain and simple to say, but it's not as easy to deal with, it seems. The Iraq imbroglio is a lost cause, so I won't comment on that, but if you wanted something useful to spend money on, to make the world (or just the USA) safer, then spending it on winning a few hearts and minds to non-radical Islam would erode the terrorists' support.

No, we can't eliminate organised lunatics from the world, but we can make it more difficult for them to organise.

Mark El-WakilJuly 25, 2005 6:21 AM

@Paul #1 and Paul #2

Yes, having the same name between two different people is slightly confusing. Therefore, let's all identify each other by using a unique id number, such as a Social Security Number! </joke>

Not Worried About TSAJuly 25, 2005 7:33 AM

I am all for reducing wasteful government spending where ever possible... But when it comes to invasion of privacy, I do not think the TSA is at fault here. In my mind the culprit are the "commercial databases" that mine and track every CC and frequent buyer purchase an individual has ever made. That should not be allowed without my express permission.

As to taking the next step and matching that to an airplane flight... Why should the TSA be faulted for the same thing that the airlines do, in the name of "cross selling" by trying to get me to book a room in my favorite hotel along with the ticket purchase?

VasuJuly 25, 2005 8:54 AM

I agree with "Not Worried About TSA".
I have had to face that issue multiple times. I don't understand the need for personal information. Walk into a barber shop, they want your phone number and address information. Its a pain to make them understand that they dont need that to cut my hair. I have had that talk with them numberous times (and somehow end up being the bad guy ! and they get all mad).
If only people would stop wanting all kinds of information about me, I'd be much happier and my identity would be much safer. (Yes I understand there is not much harm you can do with an name, address and phone number.. )

Mike SherwoodJuly 25, 2005 9:23 AM

@Vasu

There's not much harm you can do with a name, address and phone number? That's true up until the point where someone decides you fit some criteria for being a "person of interest". History is filled with examples of uses for such lists.

Congress appears to have been showing some good intentions by forbidding certain uses of this information. The fact that congress was ignored and that no one is being prosecuted is certainly a point of concern.

Glauber RibeiroJuly 25, 2005 9:52 AM

Whenever asked for address or phone number by someone who has no business having it (e.g.: Radio Shack), i give out fake ones. It's good to have a couple of fake addresses prepared so you can recite them convincingly. Usually just using the wrong city is enough to avoid getting the mail. It's much easier to give a fake phone number or address than to convince people they don't need them in the first place. I've had cases where i've told people that if they *had* to have an address i was going to give out a fake one, and they were ok with that. Just have to have some kind of information, doesn't need to be correct.

JakeJuly 25, 2005 9:54 AM

Bruce,

TSA is going on a fishing trip thinking that commercial databases would indeed get rid of the false positives.

But I have not seen the right question being asked:

" How do you judge intent ?"

El-al does not seem so bad at figuring it out and I am pretty sure they do not rely on the CC databases...

Jake.

Davi OttenheimerJuly 25, 2005 10:53 AM

"El-al does not seem so bad at figuring it out"

They've used qualified and trusted people for years who profile passengers prior to boarding. It's an elborate system that costs about $100 million a year for 40 flights a day, but no giant repository of commercial data and associated rights violations are necessary. El Al's security is so thorough that they keep undercover agents on hand everywhere, and they are known to change their schedule frequently to avoid a planned attack. And that's not to mention that most Israelis who might be on the flight were formally trained in the Army.

There is a story that one year before the Lockerbie disaster the Israeli Defence Ministry helped draft a security system for Pan Am Airlines, but the plan was rejected by executives as too costly and potentially annoying to passengers. Maybe the TSA is just playing "bad cop" to help clear the way for a "good cop" to emerge?

Davi OttenheimerJuly 25, 2005 11:10 AM

"It's good to have a couple of fake addresses prepared so you can recite them convincingly."

I have found that most people who are told to ask for personal information do not care one bit about the accuracy of that information, and they have no mechanism of verifying it, so unless you *want* something from the data-miners (and can justify the risk) you really have no reason at all to give them valid data. Yet another point that amassing databases based on unreliable data is just a road to nowhere.

KevinJuly 25, 2005 11:25 AM

Not a bad idea to use incorrect addresses - I do the same. But wait... what if I get profiled as a "terrorist" because it appears that I move around alot. Great - my ploys to thwart the grocery store data aggregators just might land me in a heap of trouble next time I get on a plane!

Ari HeikkinenJuly 25, 2005 11:38 AM

As you've described it, to me, it pretty much looks like you're SOL (Shit Out of Luck), unless there's some way to challenge it (in court perhaps?). So how do you prevent your own profile entering the list and getting a score that indicates you as a potential terrorist? And if that happens how do you get your profile cleaned?

DavidJuly 25, 2005 11:49 AM

We know the name, voice, history and picture of Osama Bin Laden. We spend $1 billion each week and have something like 150,000 troops on the ground, yet we cannot even catch him after nearly 4 years of the 9/11 attack, and of course we knew about Bin Laden for at least a decade before then. Why would a database help catch a terrorist of this "caliber"? And since many suicide terrorists do not have criminal histories they won't be on any list. So we cannot catch the big or little guys....

Richard Steven HackJuly 25, 2005 12:22 PM

As any intelligence officer from any country could tell you, the ONLY way to catch terrorists is to infiltrate their organization over time and work your way up to the top - hopefully without getting caught and killed yourself.

And if the terrorist group is made up of people who are related to each other, or all from the same village, or whatever, you're pretty much out of luck with that plan.

Substituting massive data collections simply isn't going to work. Period.

And our government knows this perfectly well. It is ENTIRELY about collecting info on its citizens and using it for its own ends. It doesn't and never did have any connection to "preventing terrorism." That's just the cover story. Maybe some of the idiots involved in implementing the scheme believe the cover story, too, but that changes nothing about the motivations of the sponsors.

Everyone knows from the history of EVERY intelligence agency that EVERY such agency believes that the more info you collect, the more power you have - regardless of whether the info is correct or not.

Which is why the various left groups in this country long ago issued recommendations never to talk to the FBI about ANYTHING, because the agents will use ANYTHING you say to make a case against one of your compatriots, whether it is true or not. Your only proper response to a question is: "On advice of attorney, I have nothing to say." Period. Close the door on them. (Make sure they don't have a warrant before you close the door, or you'll get shot.)

Seondly, the state needs enemies. The essence of the state is as follows:
"You give us everything you have and do exactly what we tell you, and we'll protect you from the bad people outside and inside our borders - and if there aren't any bad people, we'll make some."

Which is why bin Laden hasn't been caught and will never be caught unless it's expedient to do so for some other reason.

Meanwhile, in case you haven't heard the latest news, Dick Cheney has ordered the Defense Department to come up with a plan to attack Iran with conventional AND NUCLEAR weapons in the event of another 9/11 attack on the US - REGARDLESS of whether Iran is ultimately found to be involved.

And the news media is ignoring this report entirely.

Have a nice day.

Rob FunkJuly 25, 2005 12:52 PM

Reading this, it strikes me that the various initiatives are analogous to the way many email sites prevent spam. We block mail with certain obviously bad characteristics (like airport security blocking people carrying guns), as well as mail coming from places on certain blacklists (like the terrorist watch list), and for everything that passes those hurdles, we have spamassassin assigning points to various characteristics of the mail to guess whether it's spam (like the TSA's commercial database checks). And after all this, we still get occasional false positives and false negatives.

However, the email blacklists we use are publicly searchable, and provide ways to be removed. The spamassassin point system is also public. And in email, false positives and false negatives are both much more inoccuous than they are in the TSA programs.

Not sure if this adds anything useful or not, but the analogy jumped out at me....

Davi OttenheimerJuly 25, 2005 1:00 PM

@Richard Steven Hack

Interesting. I remember Cheney as the guy who lobbied US Congress in 1996 to remove sanctions against Iran. And then we found out recently that his company (Halliburton) had direct dealings with Iran from 1995-2000 IN SPITE OF sanctions and therefore apparently in violation of US laws. Anyone know what happened to that federal grand jury investigation?

Here's an ironic quote from Cheney in 1996:

http://www.iranexpert.com/2003/halliburtonsiran3december.htm

"Let me make a generalized statement about a trend I see in the U.S. Congress that I find disturbing, that applies not only with respect to the Iranian situation but a number of others as well. I think we Americans sometimes make mistakes...There seems to be an assumption that somehow we know what's best for everybody else and that we are going to use our economic clout to get everybody else to live the way we would like."

Is it just me or does this sound similar to the Bush family falling-out with the Bin Ladens? Business deal goes bad so the executives run for office to use the military to achieve the things that their economic muscle(s) could not -- it's like some sort of Texan soap opera or flashback to feudalism where all the regular people suffer while the wealthy Oil Barrons fight over profits.

Davi OttenheimerJuly 25, 2005 1:26 PM

I know this is a total tangent, but I think Richard has a good point about the current Administration's desire to widen the conflict abroad while restricting freedoms at home.

Here's a good look at why this might be more realistic than we'd like to imagine:

http://www.atimes.com/atimes/Middle_East/FI21Ak02.html

"Washington's strategic position in the Middle East is stronger than it has ever been, contrary to superficial interpretation. With much of central Iraq out of US control and a record level of close to 100 attacks a day against US forces, President George W Bush appears on the defensive. The moment recalls French Marshal Ferdinand Foch's 1914 dispatch from the Marne: 'My center is giving way, my right is in retreat; situation excellent. I shall attack.' To be specific, the United States will in some form or other attack Iran while it arranges the division of Iraq. [...] Personalities are less important than the layout of the chessboard. America's next move will be to break out of the stalemate in Iraq by widening the conflict."

Two of the reasons used by the Administration to justifiy the invasion of Iraq (nuclear weapons development efforts and support for Al Qaeda to carry out terrorism) were completely bogus. And yet, here we go again with the same wind up...

How reliable is the intelligence on Iran?

http://www.scoop.co.nz/stories/HL0506/S00321.htm

"'We're digging into the facts to determine' if there was an Iranian connection to Sept. 11, Bush told reporters this week, adding that he had 'long expressed my concerns about Iran. After all, it's a totalitarian society where free people are not allowed to exercise their rights as human beings.'"

joe copJuly 26, 2005 1:15 PM

What about multi jurisdictional police reports and records? Minnesota and its
CriMNet MJNO program took city cop reports from across the state and Wisconsin gave it to a rump paramilitary group (Police Chiefs Association) and included juvenile and possibly "Red Squad" data.

Shove that into your travel checkpoint database and have some real fun. Who needs cheezy commercial data.

A concerned neighbourJuly 26, 2005 2:28 PM

Guys, it is so encouraging to see this kind of debate becoming more common.

For the longest time after 9/11 it seemed that any dissent on the 'kill them all and let god sort them out' approach was being buried and considered 'Unamerican', and that was *if* you could find anything in the mainstream US press. (baaaaahhhhhh yes mr. bush baaahhhhhhh)

As an outsider (and good neighbour) looking in, the last few years have been scary indeed to watch, as your current administration widened the disconnect with 'real' Americans, and alientaed good friends world-wide. The damage to your reputation has been massive.

It's very encouraging to see more awarenesses and debate, guess a few people switched from watching fox 'news' :-)

Anyway, point I'm trying to make is this: Keep up the vigilance, question authority, and dig deeper - if the USA continues abrogating it's core values, the rest of the western world will either have to follow suit, or maybe, just maybe, decide it isn't worth the trouble and intrusion and find somewhere else to buy/sell/go on vacation/study/emigrate to etc.

Fight back now while you're still on top economically, in 20 years China will be eating all our lunches anyway!

- A concerned Canadian

SeanNovember 13, 2006 7:25 AM

The unfortunate reality is that some diseases (in the broadest possible sense) cost a whole lot more per life saved than others. Should we simply not address the "expensive" diseases? The article(s) in Forbes (I believe it was June 20, for those who care) was informative, but most emphatically not definitve. Addressing disease solely by price of life saved is not an acceptable approach to medicine.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..