TSA's Secure Flight (was Re: CRYPTO-GRAM, February 15, 2005)

R.A. Hettinga rah at shipwright.com
Tue Feb 15 08:11:41 EST 2005


At 6:23 AM -0600 2/15/05, Bruce Schneier wrote:
>                TSA's Secure Flight
>
>
>
>As I wrote last month, I am participating in a working group to study
>the security and privacy of Secure Flight, the U.S. government's
>program to match airline passengers with a terrorist watch list. In the
>end, I signed the NDA allowing me access to SSI (Sensitive Security
>Information) documents, but managed to avoid filling out the paperwork
>for a SECRET security clearance.
>
>Last month the group had its second meeting.
>
>At this point, I have four general conclusions. One, assuming that we
>need to implement a program of matching airline passengers with names
>on terrorism watch lists, Secure Flight is a major improvement -- in
>almost every way -- over what is currently in place. (And by this I
>mean the matching program, not any potential uses of commercial or
>other third-party data.)
>
>Two, the security system surrounding Secure Flight is riddled with
>security holes. There are security problems with false IDs, ID
>verification, the ability to fly on someone else's ticket, airline
>procedures, etc.  There are so many ways for a terrorist to get around
>the system that it doesn't provide much security.
>
>Three, the urge to use this system for other things will be
>irresistible. It's just too easy to say: "As long as you've got this
>system that watches out for terrorists, how about also looking for this
>list of drug dealers...and by the way, we've got the Super Bowl to
>worry about too." Once Secure Flight gets built, all it'll take is a
>new law and we'll have a nationwide security checkpoint system.
>
>And four, a program of matching airline passengers with names on
>terrorism watch lists is not making us appreciably safer, and is a
>lousy way to spend our security dollars.
>
>Unfortunately, Congress has mandated that Secure Flight be implemented,
>so it is unlikely that the program will be killed. And analyzing the
>effectiveness of the program in general, potential mission creep, and
>whether the general idea is a worthwhile one, is beyond the scope of
>the working group. In other words, my first conclusion is basically all
>that they're interested in hearing.
>
>But that means I can write about everything else.
>
>To speak to my fourth conclusion: Imagine for a minute that Secure
>Flight is perfect. That is, we can ensure that no one can fly under a
>false identity, that the watch lists have perfect identity information,
>and that Secure Flight can perfectly determine if a passenger is on the
>watch list: no false positives and no false negatives. Even if we could
>do all that, Secure Flight wouldn't be worth it.
>
>Secure Flight is a passive system. It waits for the bad guys to buy an
>airplane ticket and try to board. If the bad guys don't fly, it's a
>waste of money. If the bad guys try to blow up shopping malls instead
>of airplanes, it's a waste of money.
>
>If I had some millions of dollars to spend on terrorism security, and I
>had a watch list of potential terrorists, I would spend that money
>investigating those people. I would try to determine whether or not
>they were a terrorism threat before they got to the airport, or even if
>they had no intention of visiting an airport. I would try to prevent
>their plot regardless of whether it involved airplanes. I would clear
>the innocent people, and I would go after the guilty. I wouldn't build
>a complex computerized infrastructure and wait until one of them
>happened to wander into an airport. It just doesn't make security sense.
>
>That's my usual metric when I think about a terrorism security measure:
>Would it be more effective than taking that money and funding
>intelligence, investigation, or emergency response -- things that
>protect us regardless of what the terrorists are planning next. Money
>spent on security measures that only work against a particular
>terrorist tactic, forgetting that terrorists are adaptable, is largely
>wasted.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list