Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« 9/11 Legislation Moving Fast | Main | Why Privacy Laws and Advocates Matter »
October 09, 2004 | No Fly List

Following Friday's data dump by government lawyers in an ACLU-lawyered challenge by two peace activists, The New York Times and The Washington Post both have must reads on the no-fly and selectee lists.

The Post's Sara Kehaulani Goo has some great insider details here. Goo gets an unnamed government official to say that the lists are now 20,000 names long. I'm skeptical about that number for reasons I'll get to later, but if it is correct, suffice it to say that something radical happened in the watch list making process sometime after spring 2003.

Eric Lichtblau of the Times has his version here.

These documents are great reading in that odd FOIA way.

What comes across most is the inter-agency infighting about who is responsible for putting and removing people from the list. FBI agents resented constantly being called to airline counters to clear people to fly when their names matched the no-fly list. FBI agents and administrators seemed constantly befuddled and annoyed by the standards (or lack of) surrounding how a person got put on either the no-fly list or the selectee list.

Being on the former means the government considers you an aviation security risk and if you are on the list, you are not allowed to fly and you will get interrogated by an FBI agent if you show up at the airport.

A selectee, however, can still fly. That person will simply get an SSSS on their ticket and will get extra scrutiny (secondary screening) from TSA screeners. Keep in mind, however, that an SSSS on your ticket does not mean that you are on the selectee list. The same designation is given to people flagged by CAPPS randomly or for buying a ticket with cash or at the last minute.

The other possibility is that your name matches closely with a name on the list. The Post article makes much of the fact that airlines use an algorithm to match passenger names to the list:


Passengers are falsely flagged by the lists in such large numbers because of the kind of technology airlines use to compare the reservation lists to the watch lists, according to experts in name-matching technology. Each airline conducts the matches differently. Many major carriers use a system that strips the vowels from each passenger's name and assigns it a code based on the name's phonetic sound, according to the Air Transport Association.

This system is known as Soundex.

The phonetic-code concept is traced back to a program called Soundex patented in 1918, which was used by Census Bureau officials to help sort out names that sounded similar but might be spelled differently. The name "Kennedy," for example, would be assigned the Soundex code K530, which is the same code assigned to Kemmet, Kenndey, Kent, Kimmet, Kimmett, Kindt and Knott, according to genealogy Web sites that use the technology. Today's systems are more sophisticated than Soundex, but they grew from the same origins, experts said.

Doesn't that sound primitive?

I wouldn't be so hasty.

Remember there are 2 million passengers flying a day. If the reservation centers (or the airlines) were simply using Soundex, there would be a hell of a lot more mishits than there currently are. I assume they are using lists of derivative/alternate names (Bob/Bobby/Rob and Bryan/Brien/Brian) and are likely not using Soundex, but probably a Metaphone derivative.

Regardless, the TSA is going to have a tough time finding a way to keep false positives down when the checking comes in house to the government and the list expands to even more names. Last I heard (and no one at the TSA has been able to tell me different) the centralized watch list had 120,000 names on it. (More on these efforts from Edward Hasbrouck's post about Secure Flight contracting.)

More on the details of the FOIAs later. There's some great little nuggets in there and I'll try to get to some of them tomorrow.

Posted by Ryan Singel at October 9, 2004 03:41 PM
Powered by
Movable Type 3.2