×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Terror Watchlist "Crippled By Technical Flaws"

kdawson posted more than 5 years ago | from the little-bobby-datas-we-call-him dept.

Government 324

I Don't Believe in Imaginary Property writes "The database used by the government to generate lists like the No-Fly List is 'crippled by technical flaws,' according to the chairman of a House technology oversight subcommittee. And the upgrade may be worse than the original. Rep. Brad Miller (D-NC) says that 'if actually deployed, [the upgrade] will leave our country more vulnerable than the existing yet flawed system in operation today.' It seems that the current database doesn't have any easy way to do plain-text matching, forcing users to enter SQL queries. That might not sound so bad until you learn that the database contains 463 poorly indexed tables. How long until there's a terrorist named Robert'); DROP DATABASE; —?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

324 comments

is this "obvious news day" again? (1, Flamebait)

Adolf Hitroll (562418) | more than 5 years ago | (#24749777)

Because theres' nothing a non-USian can learn in such a "story", except that US-ians are teh morons.

Re:is this "obvious news day" again? (4, Funny)

PC and Sony Fanboy (1248258) | more than 5 years ago | (#24749967)

Because theres' nothing a non-USian can learn in such a "story", except that US-ians are teh morons.

Hold on, that's not true! In this story, we learn that the terrorist watch list is not only a bad idea, but it is poorly implemented!

Re:is this "obvious news day" again? (1, Funny)

damn_registrars (1103043) | more than 5 years ago | (#24750093)

Because theres' nothing a non-USian can learn in such a "story", except that US-ians are teh morons.

Hold on, that's not true! In this story, we learn that the terrorist watch list is not only a bad idea, but it is poorly implemented!

I think he may have been trying to indicate that we already knew that. Even more so, that pretty much everyone in the world already knew that.

Re:is this "obvious news day" again? (5, Interesting)

wamerocity (1106155) | more than 5 years ago | (#24750147)

Well let me give you my personal experience about it. I have a relative named "David Hall." Pretty common name huh? Well he was put on the terror watch list years ago because there is a suspicious person named David Hall. He was able to determine that the person they were after was many years older, had a different birthdate, SSN, and even lived in a state he had never been in.

Since he flew a lot for work, the unfortunate consequence was being FULLY searched EVERY time he went through the airport. He finally called up the TSA once and told them, "How about I just come into your office. If I am your man, ARREST ME! If I'm not, then get me off of this list!" to which they responded, "I'm sorry sir, but it doesn't work that way."

All in all, it took him over 3 years to finally get his name off. I think the criteria for being on the terror watch list are pretty well summed up here:

-If you have the same name, initials or hair color as a felon, you're on the list.

-If you've ever lived withing a 5 mile radius of a felon, you're on the list.

-If you've ever flown on an airline that a terrorist has ever attacked before, you're on the list. and finally.

-If airport security is bored, you're on the list.

Any thoughts?

Re:is this "obvious news day" again? (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24750707)

This happened to one of the guys at the company I work at, who has a pretty common name and flew at least once a month. Every single time, he'ld be datained a couple of hours.

It took several years and several thousand dollars of lawyer fees to fix (company paid, I assume, since they needed him to travel).

Re:is this "obvious news day" again? (5, Interesting)

Krinsath (1048838) | more than 5 years ago | (#24750755)

Mr. Stewart and his Daily Show summarized it well when the watch list hit 1,000,000 names:

"If you want to know if you're on the list just visit the website and start scrolling and by the time you get to the bottom you'll be on it."

My uncle had a similar experience to your relative when he was returning from Jamaica (he was there for his anniversary). He had the exact name (middle too) of a wanted felon and was detained in customs for hours before they finally figured out he was from the other side of the country as his evil name-twin. As he pointed out at the time, "If I was the person they were looking for, would I be quite so stupid as to travel under my real name with genuine IDs in my name?" It's not like the guy was just "suspected"...he was pretty much a known criminal/fugitive.

That's what happens when.... (5, Insightful)

ericspinder (146776) | more than 5 years ago | (#24749783)

That's what happens when your interview questions are a political loyalty test.

Re:That's what happens when.... (1)

QX-Mat (460729) | more than 5 years ago | (#24749805)

I understand that's what happened in the justice department - is that true of other departments?

Re:That's what happens when.... (3, Insightful)

gEvil (beta) (945888) | more than 5 years ago | (#24750015)

I understand that's what happened in the justice department - is that true of other departments?

Considering the modus operandi of this administration, I'd be very surprised if this weren't a widespread practice.

Re:That's what happens when.... (5, Funny)

Anonymous Coward | more than 5 years ago | (#24750055)

I heard they douse you in Holy Water. If it tastes like burning, you're hired on the spot.

Re:That's what happens when.... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24750183)

Do you think the next administration will change things?

I don't.

Re:That's what happens when.... (1)

Lostlander (1219708) | more than 5 years ago | (#24750335)

Of course they will after all who wants the last guys lackeys in positions that your own lackeys can be in.

Re:That's what happens when.... (2, Insightful)

wisty (1335733) | more than 5 years ago | (#24750083)

It happens in any place where IT is an essential part, and an optional extra. If IT is essential you need meetings and accountability, and no feature gets a cost-benefit analysis by anyone with a clue because all of them are "essential".

Re:That's what happens when.... (5, Interesting)

smilindog2000 (907665) | more than 5 years ago | (#24750157)

Err... yes. Just FEMA, the CIA, and nearly every other major department. Bush's loyalty test brought us the Katrina aftermath fiasco, and mass resignations at the CIA. He even tried to appoint his personal lawyer to the Supreme Court. As they say, "sh-t flows down-hill." When the man in charge is a complete moron, the entire government suffers.

Sorry, you were probably making a joke. A lot of us on this forum don't get sarcasm as easily as we should.

Re:That's what happens when.... (4, Funny)

fastest fascist (1086001) | more than 5 years ago | (#24750145)

Don't knock it. This is proof a poor process CAN lead to good results. Those responsible for this should be generously rewarded.

Robert'); DROP DATABASE; â" (2, Funny)

Hyppy (74366) | more than 5 years ago | (#24749791)

Oh yes. Little Bobby Datas, we call him.

xkcd. [xkcd.com] Always relevant.

Re:Robert'); DROP DATABASE; â" (-1, Troll)

hansraj (458504) | more than 5 years ago | (#24749841)

Slashdot editors see through your try of getting +5 funny/insightful by linking to xkcd. They have upgrades the xkcd meme to be part of story now. Soon all slashdot summaries will contain "I for one../In soviet Russia../Freaking sharks" etc too.

I, for one, welcome our meme neutralizing slashdot editor-overlords.

I, for one, welcome our meme neutralizing slashdot (1)

OneSmartFellow (716217) | more than 5 years ago | (#24750177)

I, for one, welcome our meme neutralizing slashdot editor-overlords, film at eleven

There, fixed that for you (which is, in fact, my favourite meme.)

Re:Robert'); DROP DATABASE; â" (0)

Anonymous Coward | more than 5 years ago | (#24750547)

I, for one, welcome our meme neutralizing slashdot editor-nazis.

Re:Robert'); DROP DATABASE; â" (3, Informative)

goose-incarnated (1145029) | more than 5 years ago | (#24749861)

Little Bobby Tables, I think you'll find

Re:Robert'); DROP DATABASE; (2, Informative)

Hyppy (74366) | more than 5 years ago | (#24749905)

In the comic, it's "DROP TABLE." In the summary, it's "DROP DATABASE."

Re:Robert'); DROP DATABASE; (2, Interesting)

damn_registrars (1103043) | more than 5 years ago | (#24750099)

In the comic, it's "DROP TABLE." In the summary, it's "DROP DATABASE."

I wonder if I'm the only SQL noob who had to look up the "drop database" command to see that indeed it is valid?

Granted, not everyone gets to play with their first database with the rights to even use the 'drop database' command...

It'll all work itself out ... (5, Funny)

daveime (1253762) | more than 5 years ago | (#24749813)

The amount of people they want to include on their "t3rr0rz l1zt" it'll only be a matter of time before we have

Osama Bin CREATE INDEX;

and

Saddam OPTIMIZE TABLE;

Then everything will be hunk dory again.

Re:It'll all work itself out ... (4, Funny)

DoofusOfDeath (636671) | more than 5 years ago | (#24750277)

Saddam OPTIMIZE TABLE

Actually, I think the SQL 2012 standard only supports the short form, "SADDAMIZE TABLE".

Number of tables (4, Interesting)

suso (153703) | more than 5 years ago | (#24749821)

That might not sound so bad until you learn that the database contains 463 poorly indexed tables.

This is not a good measure of how good or bad a database is. Its good to have a table for every type of data and every data type. Read about normalization. You can go overboard, but as long as your database is designed well, having 463 tables might be just fine.

I say this because once I heard consultant say something like "This web application shouldn't need more than 40 tables, when in fact they didn't know much about the details of the web app, which were quite sophisticated and the real application had more than 100 tables."

Number of tables, no Poorly indexed (4, Insightful)

ericspinder (146776) | more than 5 years ago | (#24749959)

The problem is not the number of tables, but the fact that they are apparently 'poorly indexed'. Table indexes are important, both for the speed of queries, and data integrity.

Re:Number of tables, no Poorly indexed (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#24750009)

Wow, so create the indexes then. What's up with you all, this is elementary stuff. You lot are carrying on as if it's Y2K, not a few hours creating the required indexes.

Re:Number of tables, no Poorly indexed (4, Insightful)

ericspinder (146776) | more than 5 years ago | (#24750181)

Wow, so create the indexes then. What's up with you all, this is elementary stuff...a few hours creating the required indexes.

Fixing or even working on, an application and database developed without proper indexes (and foreign keys) is a real pain in the butt, and fraught with 'danger'.

You lot are carrying on as if it's Y2K

Hey, Y2k was 'just' changing a two digit year to a four digit year. By what seems like your standards there shouldn't any 'work' behind that either. Just because it's easy to say, doesn't mean that it's easy to do.

Re:Number of tables, no Poorly indexed (1)

I cant believe its n (1103137) | more than 5 years ago | (#24750191)

Considering how the GW administration has acted in recent years, here is a reworked meme for you

1. Create more efficient watchlist
2. Profit
3. ??????????????
4. ??????????????
5. ??????????????

Re:Number of tables, no Poorly indexed (0)

Anonymous Coward | more than 5 years ago | (#24750293)

The problem is not the number of tables

Sorry, but in no-way are 463 tables good. The article says the data is scattered across 463 tables. The amount of complexity here should be considered an act of terrorism in itself. What I mean to say, is how specific are these tables? eye_color, right_eye_color, left_eye_color, toenail_color, pinkie_toe_color, next_to_pinkie_toe_color

Sorry, but it sounds broken and exactly what I would expect a government contract to produce.

Re:Number of tables, no Poorly indexed (1)

ericspinder (146776) | more than 5 years ago | (#24750647)

Sorry, but in no-way are 463 tables good.

Well, I'd say, it's more than just likely that 463 tables is a good indicator of a bad design. However, as I don't know what they are tracking, I couldn't say. There is little chance of us actually knowing that either.

I'm guessing that what they are trying to do with this database is much more than just a place to put names, but a way to analyze, and perhaps even use it to add people based on their travel companions.Perhaps they have an entire table devoted to 'flights with children' believing that terrorists wouldn't travel with children.

Also, how many records do you want in a single table? Smaller tables are easier to search, with or without proper indexes, But no matter what there should be indexes, there once was a time when really sharp people could squeeze out a little more performance in specific cases by forgoing the index, but it's just not worth it.

Re:Number of tables (2, Informative)

jedidiah (1196) | more than 5 years ago | (#24750167)

> This is not a good measure of how good or bad a database is.

Oh yes it is.

In order for a database to be USEFUL, you need to query it. If you can't
query the database because of the way that it's laid out or indexed then
it is infact broken.

400+ tables for an identity resolution database is absurd. There are MUCH
better ways to account for all sorts of bizzarre types of identifying
information.

This database probably isn't properly normalized either. With 400+ tables
and a simple problem you would think that all keys are primary keys in this
schema.

As far as "this" problem goes: been there & done that (quite literally).

Re:Number of tables (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24750799)

400+ tables for an identity resolution database is absurd. There are MUCH
better ways to account for all sorts of bizzarre types of identifying
information.

This database probably isn't properly normalized either. With 400+ tables
and a simple problem you would think that all keys are primary keys in this
schema.

According to the article, this is the database to track terrorist-like behavior. That's a considerably more complex problem than identity resolution. This isn't the database that stores the no fly list for use by TSA; it's the database that is used to generate it. Generating the list is one use of the database, but apparently it's overall purpose is more general.

Are all the 463 tables application tables? Or are some of them system tables (e.g. users, sessions, etc.)? The article doesn't say. Nor does it say why it thinks that the tables are poorly indexed. It also confuses the database with the application using it: you have to do SQL queries to get information from the database? The horror! It's as if SQL were a Structured Query Language designed purely for accessing a database.

It's quite possible that the tables are structurally inadequate. Especially considering that the database was created more than five years ago and its purpose has been evolving over that time. The number of tables does not demonstrate that. Poor indexing is a conclusion; what's the data suggesting or supporting that?

The only objective criticism is that there isn't an application that allows free text searching of the tables. Instead, they use direct access to the database. How is that a database problem though? If that's an important use case, then they need to write an application to support it. That application would still use SQL to get data from this database (although it might create its own free text index that could conceivably live outside the database).

Why Would You Expect Otherwise? (4, Insightful)

curmudgeon99 (1040054) | more than 5 years ago | (#24749829)

The same US government that screws everything else up should be expected to screw up the terror DB. It was probably written by a junior developer who had never heard of a SQL injection. Isn't making a search form about the easiest project there is to build? I hate to say it, but I'm glad our government is so full of screw ups: pity the list exists at all...

Re:Why Would You Expect Otherwise? (4, Interesting)

polar red (215081) | more than 5 years ago | (#24749867)

One could wonder whether the project was set up to adress terrorism OR it was setup to generate media-attention ?

Both (5, Interesting)

BitterOldGUy (1330491) | more than 5 years ago | (#24750291)

One could wonder whether the project was set up to adress terrorism OR it was setup to generate media-attention ?

It was both and then some.

I'm trying to find the link of the guy who started this BS. It was a private citizen who, IIRC, was the one who was involved with Choicepoint. He wrote some code and his algorithm pulled up most of the 9/11 hijackers and then some. He had some false positives even then, but it was the Government's wet dream and it solved some of their problems (such as that pesky little Constitutional problem of spying on Americans. It's OK if a private company does it -Choicepoint.) and it makes great security theater and it creates some big fat Governemtn contracts for some big fat cats with Government connections.

Need more caffeine and I'm getting tons of false hits from Google trying to find the cite - it is over 7 years old, ya know.

Re:Why Would You Expect Otherwise? (4, Interesting)

Dan667 (564390) | more than 5 years ago | (#24749969)

Only problem is that it actually affects people try to travel. If the US Gov want to be idiots, fine. But if they want to do it in my name like I somehow want this, there is a problem. If they want to treat me like a criminal in my own country for trying to travel in it, I have a problem. If they want to seize my laptop for no reason because I am trying to travel, I have a problem.

I like the idea of having a fly at your own risk airline where you can just "risk it" and not have all these so called "protections". I bet it would put the airlines with the TSA out of business in a week.

Re:Why Would You Expect Otherwise? (2, Insightful)

mrbluze (1034940) | more than 5 years ago | (#24750005)

I like the idea of having a fly at your own risk airline where you can just "risk it" and not have all these so called "protections". I bet it would put the airlines with the TSA out of business in a week.

Thinking of joining the air force?

Re:Why Would You Expect Otherwise? (4, Interesting)

HungryHobo (1314109) | more than 5 years ago | (#24750067)

That could work.
Risk it airlines, where there are no security checks to get on board and the only security measures are to detect when a plane has been hijacked and once confirmed a killswitch is activated to simply blow it out of the sky. Might have to pay the pilots more but I'd travel on one of those.

Re:Why Would You Expect Otherwise? (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24750405)

No need, give every able adult a weapon upon boarding, they'll have plenty of incentive to deal with any problems.

Re:Why Would You Expect Otherwise? (0)

Anonymous Coward | more than 5 years ago | (#24750803)

Don't give any weapons to the terr'ists tho. perhaps someone could keep a list somewhere (perhaps in a database, I don't know) of people that shouldn't be given weapons upon boarding a plane...

Re:Why Would You Expect Otherwise? (1)

db32 (862117) | more than 5 years ago | (#24750655)

With no security checks people could bring their knives and guns and tazers and so on. It would be a damned risky endeavor to highjack that plane. I would much rather deal with the problems caused by a bullet hole in the plane from shooting a highjacker than with an automatic detonation, being shot down by jet, or being flown into a building or something.

I could maybe even see you having to check your guns just because of the potential 'hole in the plane' problems. But the easy remedy is to give everyone an asp baton. Planes are a close quarters place, even if someone sneaks a gun on and tries something, a half dozen people with metal rods should be able to stop them relatively quickly.

Then, for bonus security. Anyone who participates in stopping a highjacking gets to fly for free for life, a shiney trinket, and maybe a nice check too.

Re:Why Would You Expect Otherwise? (0)

Anonymous Coward | more than 5 years ago | (#24750659)

I like the idea of having a fly at your own risk airline where you can just "risk it" and not have all these so called "protections". I bet it would put the airlines with the TSA out of business in a week.

You're not thinking about 9/11. It's not the passengers that are being protected. It's the people on the ground. If you want to "risk it" you can. Fly a small plane. Do it yourself or rent it. There's no TSA, but you also won't be able to take down a tall building. I hope.

Re:Why Would You Expect Otherwise? (4, Insightful)

Tridus (79566) | more than 5 years ago | (#24750061)

It was outsourced. Near the bottom of TFA it says that some of the money was used to renovate a building owned by Boeing.

Its amazing just how many "government screwups" are actually caused by politicians outsourcing to their buddies in private industry (with little to no penalties for failing to deliver what was promised), and have nothing to do with the abilities of actual government employees.

There's actually quite a few smart IT folks in government, but they're not the ones who make decisions on who to outsource this stuff to. In fact, most of them would probably rather build a team and do it In-House, since that way you build up the knowledge internally and can more easily support it later.

So please don't blame government employees for something that Boeing screwed up.

Re:Why Would You Expect Otherwise? (0, Flamebait)

Abcd1234 (188840) | more than 5 years ago | (#24750499)

But... but... government bad. GOVERNMENT BAD! Private industry good!

Re:Why Would You Expect Otherwise? (2, Informative)

suso (153703) | more than 5 years ago | (#24750215)

Believe it or not but there are some good applications out there in the government. I worked on a Naval base for a year as a contractor and was fortunate enough to work on a really kick ass PHP application. I can't tell you what it was, but to this day it was the best web application I've seen as far as security, design, functionality and sophistication goes. I think it was over 130,000 lines of code and was written by 2 guys over 3 years. I learned a lot from working on that application. So there are some gems out there, this so called terrorist database could have had the potential to be better. Maybe it would have been better if there wasn't so much hype around it.

$500 Million? ! (2, Interesting)

asifyoucare (302582) | more than 5 years ago | (#24749835)

How does one manage to spend that much? I assume that normal intelligence isn't being bundled into that figure and that it is purely for software and implementation.

Oh well, we can't talk here in Australia - In Melbourne we've wasted more that a billion USD on a train ticketing system that doesn't even work.

Re:$500 Million? ! (2, Interesting)

Tridus (79566) | more than 5 years ago | (#24750193)

"Miller also alleged that some of the $500 million spent on Railhead already had been improperly used to renovate a facility owned by contractor Boeing."

Its easy to waste a lot of money when a department that has a virtually unlimited budget outsources with little to no oversight.

We had similar problems in Canada with the Long Gun Registry, which was a dumb idea to begin with. Then they outsourced it. All told it cost more then $1 billion to set up, and didn't work properly at first. (It does work now, though its still a dumb idea.)

Re:$500 Million? ! (0)

Anonymous Coward | more than 5 years ago | (#24750531)

A good start is usually hiring IBM, or one of several other large 'service' firms.

IBM specifically does some good things lately, but if you're truly looking to get serviced, the big consulting companies can help you out.

Hiring relatives also generally helps.

the first person (5, Funny)

nimbius (983462) | more than 5 years ago | (#24749837)

to code an exploit that automatically populates tables in the watchlist with entries from the TSA employee database wins.

Re:the first person (4, Funny)

LiquidCoooled (634315) | more than 5 years ago | (#24749909)

Are you sure thats possible, I thought Microsoft Access Databases were invulnerable?

Re:the first person (2, Funny)

Anonymous Coward | more than 5 years ago | (#24749999)

invulnerable and inaccessible go hand in hand yes.

Re:the first person (0)

Anonymous Coward | more than 5 years ago | (#24749915)

to code an exploit that automatically populates tables in the watchlist with entries from the TSA employee database wins.

Stand by whilst I dust off the old C64 and knock that out for you.

Re:the first person (0)

Anonymous Coward | more than 5 years ago | (#24750713)

to code an exploit that automatically populates tables in the watchlist with entries from the TSA employee database wins.

Unfortunately, as annoying as they are, most TSA employees have no influence to change policy.

What you want to populate it with is the names of Congressmen, Senators, congressional staffers, spouses and relatives.

It's _not_ crippled by technical flaws. (4, Insightful)

Ihlosi (895663) | more than 5 years ago | (#24749849)

It's crippled by being a moronic concept in the first place ("You've got the wrong name and _maybe_ the wrong date of birth, and you're not flying.") and an absolutely arbitrary process of putting names on the list, and no way of ever getting a name off the list.

Fix those points first, and _then_ worry about technical details.

Re:It's _not_ crippled by technical flaws. (4, Interesting)

Hektor_Troy (262592) | more than 5 years ago | (#24750007)

"You've got the wrong name and _maybe_ the wrong date of birth, and you're not flying."

Oh, come on! We all know to be terrified of letting 5-year-olds onto the plane [king5.com] (video). If they share a name, they're bound to share ideologies. And what better place to hide explosives than in a shitty diaper?

And that kid was only wanted by the INS! I can just imagine the hillarity ensuing when they clear an airport because another kid "made a stink bomb" in his diaper - we all know how much the TSA loves words like those.

Re:It's _not_ crippled by technical flaws. (5, Funny)

elrous0 (869638) | more than 5 years ago | (#24750131)

Actually, I'd be pretty cool with banning 5-year-olds from planes.

Re:It's _not_ crippled by technical flaws. (3, Insightful)

daremonai (859175) | more than 5 years ago | (#24750169)

Personally, I'd be a little worried about a 5-year-old who's still in diapers.

Re:It's _not_ crippled by technical flaws. (1)

ZippyKitty (902321) | more than 5 years ago | (#24750509)

Oh, come on! We all know to be terrified of letting 5-year-olds onto the plane (video). If they share a name, they're bound to share ideologies. And what better place to hide explosives than in a shitty diaper?

I think this might work... the explosives in the diaper I mean. When I fly with my son we carry the diaper bag, and I've not always sanitized it for flying sufficiently. So there is often a larger bottle of sun screen or something stupid like that in it. Now, by the time we hit the airport security it isn't unusual that we will have changed DS's diaper. And we use cloth - really nice ones which I am not about to throw out. So by the time we are in security there is a wet diaper nicely wrapped in a plastic bag in the diaper bag.

Security screens the bag and sees something suspicious - like the sun screen. So they ask if it is okay to search the bag. In the interest of fairness I warn them of the other contents of the bag. You know - not once have they followed through with searching the bag. :)

ZK

Re:It's _not_ crippled by technical flaws. (5, Insightful)

hellwig (1325869) | more than 5 years ago | (#24750053)

Exactly. The No Fly List [wikipedia.org] is useless because it contains an estimated 1,000,000+ names (really, 1 million terrorists we can't track down?). It's useless because it contains generic entries such as T. Kennedy, which doesn't refer to a person but an alias once used in a crime (Tater Salad might be in there too). It's useless because even once they bomb a terrorist into tiny pieces his name is still on the list (sry, can't rememer who). Not only that, but the list is used for political dissidents too, not just terrorists or dangerous criminals. Apparently Nelson Mandela was on the list, until the fact was embarrasingly publicized and he was finally removed.

Re:It's _not_ crippled by technical flaws. (4, Informative)

Anonymous Coward | more than 5 years ago | (#24750303)

Technically, the Terrorist Watch List Database contains about 400,000 unique persons, of which the remainder represents known aliases. This is the so-called "green light" list, with no restrictions on them whatsoever. The "yellow light" list is much smaller, about 10,000 unique persons, and only subjects these people to desk check-ins and special searches. The *actual* No Fly list (the "red light" list) is itself a small fraction of that, perhaps 1,000 people at the most.

Add that to the fact that Congress is starting to mandate some sanity checks and ways to be removed from the list, I could see this someday being useful... just not today.

Re:It's _not_ crippled by technical flaws. (5, Funny)

clickety6 (141178) | more than 5 years ago | (#24750417)

Apparently Nelson Mandela was on the list, until the fact was embarrasingly publicized and he was finally removed.

So, easy solution - if you don't want to be bothered by the no fly list then change your name to Nelson Mandela...

Re:It's _not_ crippled by technical flaws. (3, Insightful)

Lucid 3ntr0py (1348103) | more than 5 years ago | (#24750663)

I think we should start putting everyone on the watch list. Then we don't have to worry about exceptions, and all of our wait times become the same.

If employees of the TSA can't sort out when someone, like a 6 year old boy, is not the right person named on the terror list, then WHAT THE FUCK ARE THEY GOING TO DO WITH A REAL TERRORIST?

Re:It's _not_ crippled by technical flaws. (5, Funny)

samweber (71605) | more than 5 years ago | (#24750187)

But hey, it's not that bad! After all, since all terrorists use their real names when flying, it is sure to catch them all.

Ever wonder why no suicide bomber has been able to strike twice? It's because of the no-fly-list, I tell you!

This reminds me of the comic Ahmed Ahmed. (1)

BitterOldGUy (1330491) | more than 5 years ago | (#24750211)

Yes that's his real name and he basically takes about 3-4 hours just to board a plane. Anyway he this routine that's hysterical! Apparently, he has the exact same name as someone who's suspected of terrorism in the Middle East.

Someone seeing the terrorist's name: "Hey, you're that American Comic!"

Terroists looking very serious and dangerous: "NO! I AM NOT!"

Person: "Yes you are! You're so funny!"

Terroist looking even more pissed: "No! Absolutely not!"

Gotta watch it.

It runs on PBS every once in a while Ameican Crossroads [pbs.org].

A way to do security screening (1)

davidwr (791652) | more than 5 years ago | (#24750309)

The "watchlist" should be more like a credit-rating report: It gives the front-line screener a "score" or more likely a redlight-greenlight.

If there is a redlight, and the person has previously been mis-identified, he can whip out his "get on the plane free" card and the screener swipes the card and fingerprint or scans his face or something. If they match, he's green-lighted.

Otherwise, he goes to further screening conducted by trained, relatively trustworthy professionals who look at the actual information: This person has visited Pakistan 5 times, his uncle is a member of the Indian Mafia, he's paying cash, etc. They talk to him and make a decision whether to okay him for this flight, this itinerary, or in the case of mistaken identity, photograph or fingerprint him, and give him a "get on the plane free" card.

In a perfect world, this wouldn't be necessary, but as long as there are people who match my physical description and share my name and birth-date running around trying to blow up planes, I expect to endure the inconvenience of a single delayed flight and having to show and authenticate my "get on the plane free" card every flight. If I ever do start doing things that "fit the profile" like pay cash to flights to Pakistan or marry someone whose family is in organized crime, I expect greater scrutiny.

There are a few things that should be off-limits though:
Race, gender, sexual orientation, religion, place of birth, etc. However, country of citizenship and non-trivial, clandestine association with known criminals or terrorists is fair game.

Re:It's _not_ crippled by technical flaws. (0)

Anonymous Coward | more than 5 years ago | (#24750315)

I guess this is where racial profiling would come inâ¦

Normal? (1)

goose-incarnated (1145029) | more than 5 years ago | (#24749855)

Well, isn't this normal? We create as many tables as we need during normalisation, and then create views/stored procs/frontend scripts/whatever for the user to use.

Sounds like they only did the half the job. The other half still needs to be done - I see no "crippling" here.

This is what happens when you go for the lowest (0)

Anonymous Coward | more than 5 years ago | (#24749899)

Some contractors win by hiring really cheap labor, and then bidding so low that the contractors with decent software engineers and database developers cannot compete. Yeah, I'm looking at you, SAIC!

The worst part is that the government hasn't figured out that some contractors, with few exceptions, are just routinely bad and should be avoided at all costs.

Re:This is what happens when you go for the lowest (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24749907)

It's actually what happens when you let niggers write software.

Niggers.

Re:This is what happens when you go for the lowest (2, Interesting)

goose-incarnated (1145029) | more than 5 years ago | (#24749979)

The worst part is that the government hasn't figured out that some contractors, with few exceptions, are just routinely bad and should be avoided at all costs.

What makes you think they haven't figured it out? There is good money, bad money, corrupt money, etc ... but the best type of money is *my* money, ie money in my hand. Frankly, if I was purchasing something that's of no benefit to me I'd hardly bother with quality, I'd just like to keep as much money in my hands as possible.

For example *ahem* if I was forced to purchase something (say, furniture) for ex-wife after she moved out, why would I bother spending money on anything more than patio chairs and a plastic table?

Re:This is what happens when you go for the lowest (1)

compro01 (777531) | more than 5 years ago | (#24750377)

Frankly, if I was purchasing something that's of no benefit to me I'd hardly bother with quality, I'd just like to keep as much money in my hands as possible.

In this case, you get neither quality, nor money kept in your hands.

Re:This is what happens when you go for the lowest (1)

Tridus (79566) | more than 5 years ago | (#24750245)

Well, some governments have rules about how the bid process works. Specifically, rules that you look at cost. You don't look at the prior history of the contractor, or if its realistic to actually deliver what was promised for the stated price.

In effect, in order to avoid corruption, the rules were designed to take decision making out of peoples hands as much as possible. The obvious problem there is that in order to pick a more expensive contractor that actually has decent engineers you have to be able to use a decision making process to say "this is worth the extra cost."

Too bad the media will just see it as cronyism, rather then someone trying to actually get value out of taxpayer dollars by paying for a quality system.

(I guess at this point its easy to tell that I work for a government, huh?)

The sad part (1)

Evildonald (983517) | more than 5 years ago | (#24750013)

What is sad about this is some security-cleared development company probably charged $20 million to make it.

Quel Surprise ! (1)

OneSmartFellow (716217) | more than 5 years ago | (#24750107)

Foolish, poorly designed, wasteful, corrupt Federal Database application fails to deliver on promises,

Film at eleven !

Irony? (0)

Anonymous Coward | more than 5 years ago | (#24750299)

Is it irony that this was the tagline for the article?

"Kludge, n.: An ill-assorted collection of poorly-matching parts, forming a distressing whole. -- Jackson Granholm, "Datamation""

Just google it. (1)

SuperQ (431) | more than 5 years ago | (#24750343)

Why not just put up the list on "terroristwatchlist.com" and do site: google searches.. Would probably be much easier and more reliable.

"Technical Flaws" (2, Insightful)

T.E.D. (34228) | more than 5 years ago | (#24750375)

I'm not sure you can call having names on the list matching 1/3 of the population of the earth a "technical flaw".

What they really need to do to make it useful is get it down to perhaps a couple thousand real concerns.

Re: (1)

clint999 (1277046) | more than 5 years ago | (#24750381)

That could work.Risk it airlines, where there are no security checks to get on board and the only security measures are to detect when a plane has been hijacked and once confirmed a killswitch is activated to simply blow it out of the sky. Might have to pay the pilots more but I'd travel on one of those.

Ethics vs. results? (2, Interesting)

Shoten (260439) | more than 5 years ago | (#24750425)

So, the question that comes to mind for me is this: what if I were a database architecture guru who had been asked to build this system (or its replacement)? At first, my thought is that I'd refuse on grounds of my opposition to the whole thing...but now I'm suddenly wondering if some of the better options did just that, and then it got designed and built by the knob who would take the job. Unlikely, sure, but it's something that I've never thought about before. Is the ethical cost of not doing something like this (that's going to get done anyways one way or another) when you're the right guy for the job potentially higher than the ethical cost of doing it?

Same say Osama, some say Usama (1)

hughk (248126) | more than 5 years ago | (#24750437)

First of all, many terrorists have names in a non-Latin alphabet. There are multiple ways to transcribe Arabic and Cyrillic letters to the Latin alphabet.

Funnily enough there is a lot of software around to do this and not all of it by the CIA. Since the unPatriotic act (actually before it) banks have been supposed to ID check new account holders.

As far as the other data is concerned, often watch lists contain poor data, and passports may contain inexact data (Chinese gymnasts' DOBs, anyone). You need to have a scoring match, i.e. if the name sort-of matches and the age is within 2 yrs and place of birth is a similar sounding town in the right country, and then flag for a human to review. If there is a positive match using approximation, you really do need a trained person to make any final decision.

Hire Google (1)

shareme (897587) | more than 5 years ago | (#24750461)

And our so super smart congress could not figure out how to hire Google to complete the project?

More wasted money! (1)

EvilIntelligence (1339913) | more than 5 years ago | (#24750473)

As usual, the government has taken taxpayers' dollars and wasted it. I'm sure somebody at the Justice Department decided that this database should be easy to build ("It's just a list!"), and rather than bring in some professionals to design it, they slapped it together on their own. They probably decided that the data is too sensitive to have an outside data architect design it. Not only is the government messing with private citizen's rights, but they are doing it badly.

No-Fly List .. (1)

rs232 (849320) | more than 5 years ago | (#24750527)

What laws are invoked by the DHS in putting people onto this list and not allowing them to fly. I mean there is a law, isn't there. Now how about getting onto a no-water-boarding list .. :)

Time to reverse engineer the No-Fly List (0)

Anonymous Coward | more than 5 years ago | (#24750583)

I mean how hard would it be to take all of the news stories about these poor Joes who for no fault of their own end up on the no-fly list.

Then publish the daylight out of the list and force some accountability for the responsibility.

The lists. (4, Interesting)

Anonymous Coward | more than 5 years ago | (#24750585)

A friend of mine is the security manager for a fairly large company. They have offices all over the world and business in many countries. He tells me that there are at least three "terrorist" lists. The EU list, the UN list and the US list. They are listed from poor to really shitty.
If a person or a company is on either of these lists then they aren't allowed to do business with them as they are suspected terrorists r terrorist backers.
The US list can contain things like "Muhammad, Saudi Arabia", or "Iqbal, Pakistan".

The lists are of no use to them and impossible to follow, but they are required to do so or risk sanctions from EU or the US.

Happy times!

upgrade is... (0)

Anonymous Coward | more than 5 years ago | (#24750675)

...worse than the original? So it's a Microsoft product?

Ok ouch ok I'll shut up and sit ouch in a ouch stop it! corner now.

Polymorphic names! (1)

mlush (620447) | more than 5 years ago | (#24750721)

If your a terrorist please stop reading here! It would not do at all for this information to get into terrorist hands!

This story [cnn.com] says it's possible to bypass the list by using a legal variant of your name ie Capt. James Robinson said he has learned that "Jim Robinson" and "J.K. Robinson" are not on the list.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...