Shostack + Friends Blog Archive

 

Sweet Land of Databases

In “Stuck on the No-Fly List,” [link to http://www.wired.com/news/privacy/0,1848,68974,00.html?tw=rss.PRV no longer works] Ryan Singel discusses the procedure for, no not getting off the list [1], but for getting onto yet another “cleared” list.[2] Confused? I was too. The head of the Terrorist Screening Center [3] told me recently that I’d mixed up “No-Fly” and “Selectee.” As Daniel Solove explains in “Secure Flight: A Lesson in What Not to Do,” that’s understandable, the system is as transparent as mud. Professor Solove is commenting on the report the Secure Flight Working Group wrote. He also explains why that lack of transparency is bad for society. One of the working group members, Bruce Schneier writes about the release:

I had given up on the process, sick of not being able to get any answers out of TSA, and believed that the report would end up in somebody’s desk drawer, never to be seen again. I was stunned when I learned that the ASAC made the report public.

One of the issues that Schneier mentions is that there’s no simple explanation of what the goal of secure flight is. As I’ve mentioned recently, I’m something of a requirements-crafting geek, and so this makes me doubly sad.

In related makes-me-sad news, the Washington Post has a story about “Bill Would Permit DNA Collection From All Those Arrested.” It’s pretty clear that this data will be analyzed and stored by commercial data brokers and gossip-mongers who will sell it to your health insurer, and anyone else who has a nickel. Victims of identity theft will be further-screwed, as the fraudster’s DNA precedes theirs in seeding the databases.

Finally, in a bit of overseas news from our liberty-loving friends in Airstrip One England, Europhobia has an explanation of “Lords to decide on allowing evidence extracted by torture.”

And now for the footnotes, because I couldn’t work all of my comments into the flow of the text:

[1] You silly goose! No one gets off the list!
[2] The actual procedure, as Singel explains in “Nun Terrorized by Terror Watch,” [link to http://www.wired.com/news/privacy/0,1848,68973,00.html?tw=rss.PRV no longer works] is to call your powerful friends. Don’t have powerful friends? Ooooh! So sad! Better make some if you’d like to spend less than five or six hours being harassed before each flight.

[3] Shouldn’t that be Terrorist-Screening Center? Left unhyphenated, ‘terrorist’ modifies ‘center,’ not ‘screening.’ On second thought, maybe they have it right.

2 comments on "Sweet Land of Databases"

  • Fred says:

    Well if you are going to make fun of the Terrorist Screening Center, you might as well note that the Center doesn’t screen anyone anyhow.
    Instead, the Screening Center collects names from a bunch of agencies and then ships off copies of the database to a bunch of federal, state and local agencies.
    That’s what the “Screening” Center does.

  • Adam says:

    Thats not at all how Donna Bucella (Director – Terrorist Screening Center) described it, which is that they have a database, and local, state, and federal law enforcement dispatch are able to call into it.

Comments are closed.