businessweek.com
The System That Doesn't Safeguard Travel
The government's error-prone database of possible terrorists now has 13
million travelers' names, and once you're in, just try getting out
"As a public official, I appreciate and
commend those trying to protect our nation
against terrorist attacks," the letter from a
municipal employee of Bothell, Wash.,
begins. "I also have concerns, specifically
regarding the treatment of those who have
been identified as potential risks. It has
become apparent, over the course of my last
few trips, that I am one of those individuals."
Put yourself in the shoes of this man, who
wrote to his local congressman,
Representative Jay Inslee (D-Wash.), last
year. The man's listing as a possible security
threat is a mistake. Yet every time he flies,
he has to arrive at the airport
three-and-a-half hours early to ensure
enough time for the inevitable thorough
search of his baggage.
And he's not only the only one who
encounters trouble. On a recent trip, his
co-workers, who were booked under the
same reservation number, were refused
boarding passes until he passed security. "I
have now become known to staff as the
person not to travel with," he wrote. "I am
asking your help because all other attempts
to clear my name have been futile."
INNOCENT AND TRAPPED. The letter is
among a raft of documents offering new
proof that government efforts to build an
electronic tracking system of suspicious
travelers simply aren't working. The
documents, obtained by Washington (D.C.)
privacy-advocacy group Electronic Privacy
Information Center (EPIC) under the
Freedom of Information Act, recount case
after case of innocent travelers who are on
the terrorist watch lists, yet have no way to
remove themselves.
Since September 11, various federal
agencies, including the State Dept.,
Customs Service, and FBI, have created
lists of suspicious travelers, Americans and
foreigners. All told, some 13 million people (equivalent to 4.5% of
the U.S. population) are now on the terror watch list. Security
experts and common sense say 99% of those pinpointed aren't
terrorists.
The Transportation Safety Administration (TSA) says errors like
these are the reason that it needs to build a better, more complete
database of information to track and flag suspicious behavior (see
BW Online, 3/27/03, "Putting the Blinders Back on Big Brother").
Security and privacy experts, however, warn that no software exists
to do the job better. A look at the most sophisticated and successful
systems used to detect credit-card fraud supports their case.
EASY TO SPOT. Antifraud software works because a large
number of legal credit-card transactions and a large number of
unlawful transactions occur each year, says Peter Swire, a
professor of law at Ohio State University and the former privacy
counselor during the Clinton Administration. According to
consumer-payments newsletter The Nilson Report, 21.1 billion
credit-card transactions took place in 2001. With all that data, a
change in patterns is easy to spot. If John Doe usually spends
$1,000 a month on groceries, clothing, and airline tickets, and then
suddenly buys two new cars, the system is going to flag it.
Antifraud software also works well because most credit-card
thieves act the same way: They find or steal a card, and
immediately use it at a convenience store or a gas station. If it
works, it's off to the jewelry store.
That's not the case with terrorists. Since September 11, only a few
terrorist attacks around the globe have occurred that might help
authorities build a profile. Compare that to more than 30 billion
credit-card transactions over the same period in the U.S. alone.
"FINGERING INNOCENTS." Terrorists also rely on the element of
surprise. Those who bombed the World Trade Center in 1993
parked a van full of explosives in the underground parking lot. The
September 11 hijackers used box cutters and trained pilots to turn
four jet planes into missiles. Richard Reid tried to blow up a
passenger jet by packing explosives in his shoe.
"Antifraud software is designed to help [credit-card companies] cut
their losses.... It's not designed to jump-start an investigation or
curtail any criminal activity," says Frank Abagnale, a leading
authority on forgery and embezzlement and the inspiration for the
Steven Spielberg blockbuster Catch Me If You Can.
Moreover, while you might not mind the occasional call from your
credit-card company, you would mind getting on the government's
terrorist watch list. "The problem with even the best-designed
system is that you end up fingering thousands of innocents without
ever finding the guilty person," says Bruce Schneier, a security
expert who has written frequently about the trade-offs between
liberty and security.
THE WRONG GUY. In a simple database with a 1% error rate -- not
an unreasonable estimate considering the quality of the data the
government plans to feed into its terrorist watch system -- Schneier
says only one guilty person would be included for every 100 people
erroneously added. Even worse, you wouldn't know you were on the
list until you tried to board a plane or apply for a mortgage or a job.
The heedless march toward database surveillance will only lead to
more cases like Rochester (N.Y.) resident Asif Iqbal who,
unfortunately for him, shares his name with a terrorist that's in
custody at the U.S. naval base in Guantanamo Bay, Cuba.
According to EPIC documents, Iqbal was stopped at check-in as he
tried to board a plane on Feb. 18 out of Rochester. The flight
system indicated that he was a risk and should be denied a
boarding pass.
After an interview with the police and an hour-and-a-half wait while
airline staff received clearance from the FBI and other federal
agencies, he was allowed to fly. By that time, however, Iqbal had
missed his flight. The airline promised it would not happen again
and offered him an $8 coupon to buy breakfast.
"VERY DISAPPOINTED." The next day, when Iqbal showed up, he
was again denied boarding and was "forced to endure the
agonizing process" again, he wrote in a letter to his
congresswoman, Representative Louise Slaughter (D-N.Y.). He
says authorities and airport representatives explained that he would
have to endure this rigorous background check "each and every
time before I'm allowed to board a plane."
"I completely understand the measures taken by airport security
since the September 11 attacks," he continued. "But isn't American
airport-security technology more advanced than this current
program?" In the closing of his letter, Iqbal wrote: "I expected so
much more from the United States government and find myself very
disappointed by it at this time." So am I. |
