Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 3+ Million passengers to be misidentified?

From: David Farber <dave () farber net>
Date: Thu, 16 Aug 2007 20:06:28 -0400


Begin forwarded message:

From: DV Henkel-Wallace <dvhw () talima com>
Date: August 16, 2007 5:58:56 PM EDT
To: Krishna Kumar <kmkumar () earthling net>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] Re: 3+ Million passengers to be misidentified?
Oh, your question is quite easy to answer in a practical (i.e. non- sarcastic way): 


From: Krishna Kumar <kmkumar () earthling net>
Date: August 15, 2007 4:42:38 PM EDT
5) I understand these are BIG numbers. But how is that I can apply for a credit card -- a more intrusive survey -- and get a response in 30 seconds, or how is that MC/Visa can process a billion transactions a day -- and TSA 
can't run names against a database in a 24 hour window (let alone a 5
minute window).
The risks are asymmetric. CC companies have already insured for the risk of one card failing (they just lose a little money, and they generally don't give large credit limits to start). They aggregate their risk over a large volume and of course they have decades of transaction history to work on.
The TSA has the opposite situation on all fronts: almost zero historical data, no centralised rating bureau, and enourmous risk: a single failure will cause heads to roll at the agency (not to mention, to be fair, possible loss of life). The press, congress, etc will make their life miserable. Just imagine you were one of the competent FEMA employees (and I assume that most are). Wouldn't you feel demoralised by now? 

All that being said:


  This entire system is unwieldy and pointless -- if I was
a terrorist all I would need is a fake passport # to give to the airline (not even a fake passport), be cleared in a 72 hour window, show up, give 
a crappy fake passport to the check-in people (as you know, they are
trained to recogonize those things) and be on my flight.
I agree that 24 hours, 72 hours, 5 minutes -- they're probably all the same. And the bad guys are the ones who _have_ the time to plan. But the theory is that if you make enough hoops difficult to jump through you'll cause the bad guy to screw one of them up. That's clearly true, and in hindsight it's always possible to find a gajillion signs that "somebody should have seen at the time." But is there a way to find those failures as they occur? If there were we'd never have to debug our code either.
Oy yeah, here's another theoretical defense: even if the bad guy slips through and does something nasty, all this screening might leave enough traces that you can ex post facto follow him back to find the "actual bad guys". Assuming there _are_ "actual bad guys" to find. 

-d


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: