Entries Tagged "false positives"

Page 6 of 13

Israel Implementing IFF System for Commercial Aircraft

Israel is implementing an IFF (identification, friend or foe) system for commercial aircraft, designed to differentiate legitimate planes from terrorist-controlled planes.

The news article implies that it’s a basic challenge-and-response system. Ground control issues some kind of alphanumeric challenge to the plane. The pilot types the challenge into some hand-held computer device, and reads back the reply. Authentication is achieved by 1) physical possession of the device, and 2) typing a legitimate PIN into the device to activate it.

The article talks about a distress mode, where the pilot signals that a terrorist is holding a gun to his head. Likely, that’s done by typing a special distress PIN into the device, and reading back whatever the screen displays.

The military has had this sort of system—first paper-based, and eventually computer-based—for decades. The critical issue with using this on commercial aircraft is how to deal with user error. The system has to be easy enough to use, and the parts hard enough to lose, that there won’t be a lot of false alarms.

Posted on March 10, 2008 at 12:24 PMView Comments

Locked Call Boxes and Banned Geiger Counters

Fire Engineering magazine points out that fire alarms used to be kept locked to prevent false alarms:

Q: Prior to 1870, street corner fire alarm pull boxes were kept locked. Why were they kept locked and how did a person gain access to ‘pull the box?’

A: They were kept locked due to false alarms. Nearby shopkeepers or beat cops carried the keys.

According to Robert Cromie in The Great Chicago Fire (Thomas Nelson: 1994, p. 33), this may have been one reason for the slow response to the fire:

William Lee, the O’Leary’s neighbor, rushed into Goll’s drugstore, and gasped out a request for the key to the alarm box. The new boxes were attached to the walls of stores or other convenient locations. To prevent false alarms and crank calls, the boxes were locked, and the keys given to trustworthy citizens nearby.

What happened when Lee made his request is not clear. Only one fact emerges from the confusion: No alarm was registered from any box in the vicinity of the fire until it was too late to do any good.

Apparently, Lee said that Goll refused to give him the key because he’d already seen a fire engine go past; Goll said he actually did pull the alarm, twice, but if so it must not have worked.

(There’s more about what sounds like a really bad communications failure, but it’s a little too hard for me to read on the Amazon website.)

Here’s more:

But did you know that the fire burned for over half an hour before an alarm was ever sounded? Alarm boxes were actually kept locked in those days, to prevent false alarms!

When the first alarm box was finally opened and the lever pulled, the alarm somehow did not get through. The fire dispatcher was playing a guitar for a couple of girls at the time and he kept on serenely strumming, completely unawares. After the fire had been growing and blazing for nearly an hour a watchman screamed at the dispatcher to sound an alarm, which he did, and the first three engines, two hose wagons, and two hook and ladders were sent out—but in the wrong direction!

At first the dispatcher refused to sound another alarm, hoping to avoid further confusion.

Compare this with a proposed law in New York City that will require people to get a license before they can buy chemical, biological, or radiological attack detectors:

The legislation—which was proposed by the Bloomberg administration and would be the first of its kind in the nation—would empower the police commissioner to decide whether to grant a free five-year permit to individuals and companies seeking to “possess or deploy such detectors.” Common smoke alarms and carbon monoxide detectors would not be covered by the law, the Police Department said. Violations of the law would be considered a misdemeanor.

Why does the administration think such a law is necessary? Richard A. Falkenrath, the Police Department’s deputy commissioner for counterterrorism, told the Council’s Public Safety Committee at a hearing today, “Our mutual goal is to prevent false alarms and unnecessary public concern by making sure that we know where these detectors are located and that they conform to standards of quality and reliability.”

The law would also require anyone using such a detector—regardless of whether they have obtained the required permit—to notify the Police Department if the detector alerted them to a biological, chemical or radiological agent. “In this way, emergency response personnel will be able to assess threats and take appropriate action based on the maximum information available,” Dr. Falkenrath said.

False positives are a problem with any detection system, and certainly putting Geiger counters in the hands of everyone will mean a lot of amateurs calling false alarms into the police. But the way to handle that isn’t to ban Geiger counters. (Just as the way to deal with false fire alarms 100 years ago wasn’t to lock the alarm boxes.) The way to deal with it is by 1) putting a system in place to quickly separate the real alarms from the false alarms, and 2) prosecuting those who maliciously sound false alarms.

We don’t want to encourage people to report everything; that’s too many false alarms. Nor do we want to discourage them from reporting things they feel are serious. In the end, it’s the job of the police to figure out what’s what. I said this in an essay last year:

…these incidents only reinforce the need to realistically assess, not automatically escalate, citizen tips. In criminal matters, law enforcement is experienced in separating legitimate tips from unsubstantiated fears, and allocating resources accordingly; we should expect no less from them when it comes to terrorism.

EDITED TO ADD (1/18): Two commenters pointed to a 1938 invention: an alarm box that locks up your arm until the fire department sets you free. Yikes.

Posted on January 18, 2008 at 7:44 AMView Comments

Airport Behavioral Profiling Leads to an Arrest

I’m generally a fan of behavioral profiling. While it sounds weird and creepy and has been likened to Orwell’s “facecrime”, there’s no doubt that—when done properly—it works at catching common criminals:

On Dec. 4, Juan Carlos Berriel-Castillo, 22, and Bernardo Carmona-Olivares, 20, were planning to fly to Maui but were instead arrested on suspicion of forgery.

They tried to pass through a Terminal 4 security checkpoint with suspicious documents, Phoenix police spokeswoman Stacie Derge said.

The pair had false permanent-resident identification, and authorities also found false Social Security cards, officials say.

While the pair were questioned about the papers, a TSA official who had received behavior-recognition training observed a third man in the area who appeared to be connected to Berriel-Castillo and Carmona-Olivares, Melendez said.

As a result, police later arrested Samuel Gonzalez, 32. A background check revealed that Gonzalez was wanted on two misdemeanor warrants.

TSA press release here.

Security is a trade-off. The question is whether the expense of the Screening Passengers by Observation Techniques (SPOT) program, given the minor criminals it catches, is worth it. (Remember, it’s supposed to catch terrorists, not people with outstanding misdemeanor warrants.) Especially with the 99% false alarm rate:

Since January 2006, behavior-detection officers have referred about 70,000 people for secondary screening, Maccario said. Of those, about 600 to 700 were arrested on a variety of charges, including possession of drugs, weapons violations and outstanding warrants.

And the other social costs, including loss of liberty, restriction of fundamental freedoms, and the creation of a thoughtcrime. Is this the sort of power we want to give a police force in a constitutional democracy, or does it feel more like a police-state sort of thing?

This “Bizarro” cartoon sums it up nicely.

Posted on January 3, 2008 at 12:49 PMView Comments

Canadian Privacy Commissioner Comments on the No-Fly List

Refreshingly sensible:

Stoddart told inquiry Commissioner John Major she is concerned that people could be placed on the list in error and face dire consequences if their identities are then disclosed to the RCMP or passed on to police agencies in other countries.

And she questioned why, if people are so dangerous that they can’t get on a plane, they are deemed safe to travel by other means in Canada.

[…]

Between June 28, when the program came into effect, and the end of September, no passengers were turned away because of the list, the inquiry heard. Stoddart said that information only increases her suspicion about the value of the program.

“I think it only deepens the mystery of the rationale, the usefulness of this,” Stoddart said. “The program is totally opaque.”

Major suggested that perhaps less extreme measures could be taken. For example, individuals on the list might be able to undergo extra screening so they could be allowed to travel.

[…]

“We are looking to avoid what happened in 9/11. Presumably it’s to keep dangerous people capable of blowing planes up—or capturing them—off the plane. It seems difficult that you can do that by a name (on a list) alone.”

Other members of Stoddart’s staff added there are concerns someone could be stranded in Canada after arriving without incident, only to be prevented from boarding their return flight.

Posted on November 13, 2007 at 12:25 PMView Comments

Modern-Day Revenge

Mad at someone? Turn him in as a terrorist:

A man in Sweden who was angry with his daughter’s husband has been charged with libel for telling the FBI that the son-in-law had links to al-Qaeda, Swedish media reported on Friday.

The man, who admitted sending the email, said he did not think the US authorities would stupid enough to believe him.

The 40-year-old son-in-law and his wife were in the process of divorcing when the husband had to travel to the United States for business.

The wife didn’t want him to travel since she was sick and wanted him to help care for their children, regional daily Sydsvenska Dagbladet said without disclosing the couple’s names.

When the husband refused to stay home, his father-in-law wrote an email to the FBI saying the son-in-law had links to al-Qaeda in Sweden and that he was travelling to the US to meet his contacts.

He provided information on the flight number and date of arrival in the US.

The son-in-law was arrested upon landing in Florida. He was placed in handcuffs, interrogated and placed in a cell for 11 hours before being put on a flight back to Europe, the paper said.

EDITED TO ADD (11/6): Businesses do this too:

In May 2005 Jet’s application for a licence to fly to America was held up after a firm based in Maryland, also called Jet Airways, accused Mr Goyal’s company of being a money-laundering outfit for al-Qaeda. Mr Goyal says some of his local competitors were behind the claim, which was later withdrawn.

Posted on November 6, 2007 at 6:41 AMView Comments

The War on the Unexpected

We’ve opened up a new front on the war on terror. It’s an attack on the unique, the unorthodox, the unexpected; it’s a war on different. If you act different, you might find yourself investigated, questioned, and even arrested—even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats.

This isn’t the way counterterrorism is supposed to work, but it’s happening everywhere. It’s a result of our relentless campaign to convince ordinary citizens that they’re the front line of terrorism defense. “If you see something, say something” is how the ads read in the New York City subways. “If you suspect something, report it” urges another ad campaign in Manchester, UK. The Michigan State Police have a seven-minute video. Administration officials from then-attorney general John Ashcroft to DHS Secretary Michael Chertoff to President Bush have asked us all to report any suspicious activity.

The problem is that ordinary citizens don’t know what a real terrorist threat looks like. They can’t tell the difference between a bomb and a tape dispenser, electronic name badge, CD player, bat detector, or trash sculpture; or the difference between terrorist plotters and imams, musicians, or architects. All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different.

Even worse: after someone reports a “terrorist threat,” the whole system is biased towards escalation and CYA instead of a more realistic threat assessment.

Watch how it happens. Someone sees something, so he says something. The person he says it to—a policeman, a security guard, a flight attendant—now faces a choice: ignore or escalate. Even though he may believe that it’s a false alarm, it’s not in his best interests to dismiss the threat. If he’s wrong, it’ll cost him his career. But if he escalates, he’ll be praised for “doing his job” and the cost will be borne by others. So he escalates. And the person he escalates to also escalates, in a series of CYA decisions. And before we’re done, innocent people have been arrested, airports have been evacuated, and hundreds of police hours have been wasted.

This story has been repeated endlessly, both in the U.S. and in other countries. Someone—these are all real—notices a funny smell, or some white powder, or two people passing an envelope, or a dark-skinned man leaving boxes at the curb, or a cell phone in an airplane seat; the police cordon off the area, make arrests, and/or evacuate airplanes; and in the end the cause of the alarm is revealed as a pot of Thai chili sauce, or flour, or a utility bill, or an English professor recycling, or a cell phone in an airplane seat.

Of course, by then it’s too late for the authorities to admit that they made a mistake and overreacted, that a sane voice of reason at some level should have prevailed. What follows is the parade of police and elected officials praising each other for doing a great job, and prosecuting the poor victim—the person who was different in the first place—for having the temerity to try to trick them.

For some reason, governments are encouraging this kind of behavior. It’s not just the publicity campaigns asking people to come forward and snitch on their neighbors; they’re asking certain professions to pay particular attention: truckers to watch the highways, students to watch campuses, and scuba instructors to watch their students. The U.S. wanted meter readers and telephone repairmen to snoop around houses. There’s even a new law protecting people who turn in their travel mates based on some undefined “objectively reasonable suspicion,” whatever that is.

If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.

We need to do two things. The first is to stop urging people to report their fears. People have always come forward to tell the police when they see something genuinely suspicious, and should continue to do so. But encouraging people to raise an alarm every time they’re spooked only squanders our security resources and makes no one safer.

We don’t want people to never report anything. A store clerk’s tip led to the unraveling of a plot to attack Fort Dix last May, and in March an alert Southern California woman foiled a kidnapping by calling the police about a suspicious man carting around a person-sized crate. But these incidents only reinforce the need to realistically assess, not automatically escalate, citizen tips. In criminal matters, law enforcement is experienced in separating legitimate tips from unsubstantiated fears, and allocating resources accordingly; we should expect no less from them when it comes to terrorism.

Equally important, politicians need to stop praising and promoting the officers who get it wrong. And everyone needs to stop castigating, and prosecuting, the victims just because they embarrassed the police by their innocence.

Causing a city-wide panic over blinking signs, a guy with a pellet gun, or stray backpacks, is not evidence of doing a good job: it’s evidence of squandering police resources. Even worse, it causes its own form of terror, and encourages people to be even more alarmist in the future. We need to spend our resources on things that actually make us safer, not on chasing down and trumpeting every paranoid threat anyone can come up with.

This essay originally appeared on Wired.com.

EDITED TO ADD (11/1): Some links didn’t make it into the original article. There’s this creepy “if you see a father holding his child’s hands, call the cops” campaign, this story of an iPod found on an airplane, and this story of an “improvised electronics device” trying to get through airport security. This is a good essay on the “war on electronics.”

EDITED TO ADD (11/25): More examples of rediculous non-terrorism overreactions, and a story about recruiting firefighters to snoop around in peoples’ houses:

Unlike police, firefighters and emergency medical personnel don’t need warrants to access hundreds of thousands of homes and buildings each year, putting them in a position to spot behavior that could indicate terrorist activity or planning.

Posted on November 1, 2007 at 4:42 AMView Comments

More Behavioral Profiling

I’ve seen several articles based on this press release:

Computer and behavioral scientists at the University at Buffalo are developing automated systems that track faces, voices, bodies and other biometrics against scientifically tested behavioral indicators to provide a numerical score of the likelihood that an individual may be about to commit a terrorist act.

I am generally in favor of funding all sorts of research, no matter how outlandish—you never know when you’ll discover something really good—and I am generally in favor of this sort of behavioral assessment profiling.

But I wish reporters would approach these topics with something resembling skepticism. The false-positive rate matters far more than the false-negative rate, and I doubt something like this will be ready for fielding any time soon.

EDITED TO ADD (10/13): Another comment.

Posted on October 15, 2007 at 6:16 AMView Comments

Fraudulent Amber Alerts

Amber Alerts are general notifications in the first few hours after a child has been abducted. The idea is that if you get the word out quickly, you have a better chance of recovering the child.

There’s an interesting social dynamic here, though. If you issue too many of these, the public starts ignoring them. This is doubly true if the alerts turn out to be false.

That’s why two hoax Amber Alerts in September (one in Miami and the other in North Carolina) are a big deal. And it’s a disturbing trend. Here’s data from 2004:

Out of 233 Amber Alerts issued last year, at least 46 were made for children who were lost, had run away or were the subjects of hoaxes and misunderstandings, according to the Scripps Howard study, which used records from the National Center for Missing and Exploited Children.

Police also violated federal and state guidelines by issuing dozens of vague alerts with little information upon which the public can act. The study found that 23 alerts were issued last year even though police didn’t know the name of the child who supposedly had been abducted. Twenty-five alerts were issued without complete details about the suspect or a description of the vehicle used in the abduction.

Think of it as a denial-of-service attack against the real world.

Posted on October 5, 2007 at 11:00 AMView Comments

Latest Terrorist False Alarm: Chili Peppers

In London:

Three streets were closed and people evacuated from the area as the search was carried out. After locating the source at about 7pm, emergency crews smashed their way into the Thai Cottage restaurant in D’Arblay Street only to emerge with a 9lb pot of smouldering dried chillies.

Baffled chef Chalemchai Tangjariyapoon, who had been cooking a spicy dip, was amazed to find himself at the centre of the terror scare.

“We only cook it once a year—it’s a spicy dip with extra hot chillies that are deliberately burned,” he said.

“To us it smells like burned chilli and it is slightly unusual. I can understand why people who weren’t Thai would not know what it was but it doesn’t smell like chemicals. I’m a bit confused.”

Another story.

Were this the U.S., that restaurant would be charged with terrorism, or creating a fake bomb, or anything to make the authorities feel better. On the other hand, at least the cook wasn’t shot.

EDITED TO ADD (10/4): Common sense:

The police spokesman said no arrests were made in the case.

“As far as I’m aware it’s not a criminal offense to cook very strong chili,” he said.

EDITED TO ADD (10/11): The BBC has a recipe, in case you need to create your own chemical weapon scare.

Posted on October 3, 2007 at 10:28 AMView Comments

Gun-Shaped Laptop Battery

Seems like bad design:

My laptop bag has scared TSA security personnel at several airports recently, requiring manual bag inspections each time. And when it happened again this week I finally figured out what it is that was freaking them out when the bag went through the x-ray machine—it’s the spare laptop battery I always carry. This would never be an issue if the battery were inside the laptop, but the spare battery (depending on how it is laying in the back) can catch attention. But, TSA issues aside, look at the shape of the battery. You just have to wonder—what on earth was IBM thinking?

The answer, of course, is obvious: it never occured to them.

Posted on August 8, 2007 at 2:12 PMView Comments

1 4 5 6 7 8 13

Sidebar photo of Bruce Schneier by Joe MacInnis.