Google
web Musings of The Global Traveller

Thursday, July 24, 2008

TSA Watchlist a False Security

In my previous blog entry I explained how the TSA’s claim of "small" selectee and no fly watchlist is nothing of the sort and impacts millions. Many readers will, however, have noticed that I omitted (deliberately in the interests of space) some key arguments against a watchlist. This entry covers those arguments.

In tv crime shows the detective or lawyer looks for 3 angles to assess guilt – motive, opportunity and means. I’ll use these in a different way, to assess the worth of having the watchlist.

For the sake of argument, lets suppose the watchlist is perfect. There are no false positives (name of an innocent matches someone on the list or an innocent name is on the list). The watchlist, then, is a list of names of those who have the motive for terrorism based on perfect intelligence. But perfect intelligence is an oxymoron. It is relatively easy for a terrorist to avoid being on the list, or to find someone else who is not on the list to do the evil deed. So the watchlist is insufficient to prove motive, or to put it another way does not filter passengers into those with motive and those without. Not a good start against the criteria.

Next consider opportunity. Pretty much everyone who flies, works in or near airports or airlines has an opportunity to do harm. It is a fact of life, and really by definition, that you cannot prevent opportunity for terrorism. This criteria therefore is no help at all, and again the presence or absence of a name on a watchlist proves nothing.

What about means? This is where security really should be, and leave the rest of the window dressing alone. If the means are prevented then there can be no terrorist attack. The names on a watchlist matter not to means either.

Thus, the watchlist does not improve security – it is a false security.

But wait, there’s more. If the 50,000 people on the no fly and selectee watchlists really all are going to crash or hijack planes, shouldn’t they all be arrested? The 50,000 are not arrested because the intelligence is imperfect. They don’t have sufficient proof of terrorist intent and means, and the outcry from so many false arrests would show up the lists as the sham they are. The bigger the list gets and the more times the importance of the watchlist is emphasised by TSA, the harder it is for a reversal, an admission of error. That is really unfortunate, especially for the millions of innocents caught up in the dragnet (refer my previous blog entry).

TSA watchlist of 1 million

I don't blog much about the TSA (USA's transport security if you're lucky enough to not know what it is about), mainly because pretty much every policy they implement riles me up. There is plenty of coverage elsewhere on their terrible practices and stuff-ups.

However, an entry on the TSA blog from a couple of weeks ago has gotten me even more riled up than normal so that I have to comment on it. The blog entry is a self-styled myth buster on the recent news that the watchlist has 1 million names.

A summary of the TSA blog entry:

  • 2 million daily passengers (this is USA only)
  • 400,000 on a consolidated terror watch list
  • 50,000 selectee and no-fly lists (subsets of the consolidated terror watch list)
  • buster #1 - the list is not 1 million names long
  • buster #2 - ACLU's method to estimate 1 million names is flawed
  • buster #3 - Ted Kennedy, Catherine Stevens and Robert Johnson are not on the no-fly lists, they just happen to have the same names as other who are on the no-fly lists. Then there is spiel that spending more money will enable the number of false positives to be reduced, and that those who are falsely identified (false positive) face only minor inconvenience.
  • Terror watch lists keep legitimate terror threats off of airplanes every day, all over the world. (This point is a verbatim quote.)

Given the watchlist isn't public info, I'll take TSA's word that the list is "only" 400,000 names long. I'll also take their word that the names used to trigger extra security or outright prevent from flying are a mere 50,000 names.

Now to some that may not seem a big number, compared with say the population of USA.

However, a unique name is rather rare. Some common names have many thousands who share the exact same name - for example a couple of dozen others shared my name even in the small town I used to live in (and no my surname is not Smith). Suppose there are 100 people with the same name on average - this I think is a low estimate. Some unusual names will only have few people with the same name, while other names may have 100,000 people or more with the same name. That 50,000 list now matches 5,000,000 names. Not so small any more, is it?

Unfortunately that isn't the end of it. For "bad people" could try to fool the system by slightly tweaking their name - using initials, changing the spelling slightly, etc. So the watchlist system gets close matches as well as exact matches. The number of names matching the list grows again.

Now, for some the ends (prevent terrorist attack) justify the means (extra hassles for those whose name "matches" the selectee and no-fly lists). However, consider this. How many of the 50,000 names realistically will try to blow up or crash a plane? I bet it is a tiny number - let's say 100 for argument's sake. Of those, a portion will presumably be savvy enough to realise that if they can take a name that doesn't match the list (or find a suitably named new recruit) they won't be subject to extra security. So really the security the name matching provides is non-existant.

But for the notion of apparent security, a significant proportion of the travelling public faces inconvenience. The TSA blog entry downplays the impact by claiming it merely limits ability to check in online. However, the real impact is far worse. Missed flights due to longer times to check in, missed connecting flights, being stranded at the transit point (eg if you couldn't get through checked for the onward flight), not being able to easily switch flights to another airline in the event of irregular operations, etc. Then there is the time totally wasted by all these people, which somehow never make it into a proper cost-benefit analysis.

To sum up - lots of costs, no benefit, faulty logic being used to justify it all. Unfortunately this sounds rather like some other aspects of security (and not just TSA, other countries are not immune).

Those readers interested in finding out more, I suggest checking out the excellent Schneier on Security.

Tuesday, July 15, 2008

Travel update

Sorry for the lack of recent blog posts. While I haven't had as much travel lately as normal (blame the need to stay in the country while my passport gets some visas for upcoming trips), I certainly haven't been grounded and have still been busy with travel-related plans.

I managed to rush through ticketing some trips that became "impossible" to ticket after the move to e-ticketing.

Star Alliance has a new member, Egypt Air, and so I have been checking how I can leverage that in an upcoming trip. There normally are some welcome to the alliance type promotions. Since I belong to many frequent flyer programs I can pick the promo that best suits my travel. Check out Flyer Talk's Star Alliance forum for more info.

In the middle of a couple of big trips later in the year, I've planned some side-trips to places I haven't been before and perhaps not so easy to get to. 2 of these are now ticketed and I have 2 more to sort out.

The Qantas frequent flyer program finally launched their response to Virgin Blue and Air New Zealand's any seat redemptions. My analysis is it is a pale imitation - awards are more expensive (some simple round trips are well over a million posts!) and yet Qantas will not allow any seat redemptions on the cheapest fares. The ability to flex the any seat award cost between points and $ is interesting, but worthless given the ridiculously poor value assigned to a point. There is also concern that less regular awards will be made available. Conclusion - the changes are good for small business owners who earn vast amounts of points from credit card spend and a yawn for everyone else.

A number of schedule changes have been made with varying impacts on my upcoming itineraries. The worst will have me spend 2+ hours in the middle of the night waiting for transfers to open up (the alternative was spending 3 hours landside with no amenities).

After a long absence I had some more domestic travel - by air and by train. I appreciated that the lounge staff (3 different cities for 2 airlines) had noticed my absence!

I've had to chase up several flights that have not been credited from earlier trips. The amount that failed to credit automatically added up to almost 100,000 miles so worth my spending some time following up.

I have decided (I think) to switch my hotel loyalty. I've been with Hilton a few years mostly as Diamond (and a couple of years as Gold). However the issues I had earlier in the year (see here for example), plus problems getting my earned status recognised, a total absence of promotions and terrible room rates at the hotels I usually stay at frequently; means it is no longer worth it to me. I still have to figure out how best to cash in my points while I still have some status (thus better award availability). In the meantime I requalified for Priority Club Gold in just 2 1-night stays and by my calculations should reach Platinum with another 3 or 4 nights, thanks to some decent promos.

Paper ticket issuance hassles

It hasn't taken me long to curse IATA's 100% e-ticketing initiative. For some info check out a previous blog entry here.

A recent booking apparently required a paper ticket for reasons that are not clear to me. The obvious limitations or potential issues are not relevant - there are less than 16 flights, not an infant or child fare, all airports are e-ticketable, the marketing airlines are all e-ticketable.

Anyway, for some reason I need a paper ticket. It is now 3 weeks since the booking was made (and payment taken), with no ticket yet issued. I've made several phone calls to the airline and no one has yet worked out (a) exactly what is the problem, and (b) how to fix it or work around it. I'm glad my travel dates are a long way ahead - if I'd been booking at the last minute as I often do, I would not have been able to travel.

Still, I hope it is resolved soon. A couple of flights are codeshares and the operating airline could decide to cancel my booking for not ticketing within their time limits.

If you have any itinerary likely to require paper ticketing, my suggestion is to book and ticket well in advance of travel date. Unfortunately these ticketing issues do not just affect new bookings as some old paper tickets issued before 1 June 2008 may still require reissuing as a paper ticket, possibly at short notice if the flights change at an inopportune time.

I hope the airlines resolve the system issues quickly.