Shostack + Friends Blog Archive

 

Testing Airline Data for …what?

The New York Times reports that
“The Transportation Security Administration said Tuesday that it planned to require all airlines to turn over records on every passenger carried domestically in June, so the agency could test a new system to match passenger names against lists of known or suspected terrorists.”

The data will vary by airline. It will include each passenger’s name, address and telephone number and the flight number. It may also include such information as the names of traveling companions, meal preference, whether the reservation was changed at any point, the method of ticket payment and any comment by airline employees, like whether a passenger was drunk or belligerent in encounters with airline personnel.

Now, I may have missed it, but it seems that no hijackings took place in the US in June. So what does a successful test look like? What’s more, information about how belligerent a passenger is on the plane is clearly not available before they fly, unless there’s a new database of belligerent passengers that will be maintained. I saw no mention of such in the PIA or Federal Register notice.

The question is partially answered: “What we’re looking for is the people who are actually on that list,” said Lisa Dean, of TSA. Does TSA need a month of real data to see if they can match names, addresses, and phone numbers from a database?

This whole article forces me to ask, does the current system work at all? If there’s a list of people who are a threat to aviation, shouldn’t we have arrested some of them when they tried to fly?

This system isn’t ready for testing, never mind using real data.

One comment on "Testing Airline Data for …what?"

  • Aren’t we assuming that they’re not using the data to test their watch list but to test the passenger list against their threat algorithms and commercial and govt databases so they can determine if those algorithms are any good. Also to test and develop the interface between the raw data and their threat software.

Comments are closed.