Shostack + Friends Blog Archive


Testing Airline Customers

Ed Hasbrouck has another pair of good posts (1, 2) on the “Free Wheelchairs” program. In the first one, he quotes from “Department of Homeland Security Appropriations Act, 2005”, H.R. 4567:

(2) the underlying error rate of the government and private data bases that will be used both to establish identity and assign a risk level to a passenger will not produce a large number of false positives that will result in a significant number of passengers being treated mistakenly or security resources being diverted;

(3) the TSA has stress-tested and demonstrated the efficacy and accuracy of all search tools in CAPPS II or Secure Flight or other follow on/successor programs and has demonstrated that CAPPS II or Secure Flight or other follow on/successor programs can make an accurate predictive assessment of those passengers who may constitute a threat to aviation;

There’s an analogy here to intrusion detection programs, which was first pointed out by Taosecurity. That is, you may not have false positives (people mistakenly identified as terrorists), and you may not have false negatives (missing those who “may constitute a threat to aviation”). In the computer security world, Intrusion Detection Systems are notoriously hard to tune so that they catch the attacks you want without producing huge amounts of noise. Some companies are dumping their IDSs because of this. Can we learn something about what may happen to CAPPS-2?

Assuming for a moment that the meaning of “constituting a threat to aviation” is that someone imminently and demonstrably plans to hijack, blow up, or otherwise attack a plane, then you need to catch them with the tools in hand. That might work better if we concentrate on looking for the tools, rather than collecting home phone numbers. If the meaning is broader than that, it may mean that you need to arrest them, or risk exposing an intelligence operation. If you tip your hand and show that a suspect is on a watch list, then the terrorist pool can be adjusted to deal with that.

It seems that meeting subparagraphs (2) and (3), which are both good criteria, is going to be quite difficult. Perhaps airline security should start with a focus on people bringing dangerous things onto planes, rather than who they are, and trying to discern their motives.
That’s not to say that if intelligence agencies are watching someone, they should never share that with TSA for extra scrutiny. But this isn’t about a watch list, it’s about behavioral profiling of the American people, in a manner that has never been shown to work.