The TSA Makes It Harder To Detect Terrorists

This article in Tuesday’s WSJ (requires subscription) discusses the trials and tribulations of innocent air travelers whose names, or even parts of whose names, resemble those of people on the government’s “No Fly List.” The unfortunate false-positives are greatly inconvenienced, and at a rate that far exceeds the number of bad guys caught. (The article delicately points out the obvious: the No Fly List has contributed to the capture of “very few” suspected terrorists.)

So what’s driving this aggressive flagging of harmless individuals (some of whom have been cleared repeatedly for earlier flights)? Part of the answer lies in airlines’ use of antiquated name-matching systems that were originally designed to ferret out multiple bookings, and to make it easy for ticket agents to look up passenger records without knowing the exact spellings of names. These systems intentionally cast a wide net. That’s helpful for common travel snafus but makes the systems ridiculously inefficient for finding the one terrorist among millions of legitimate travelers.

One name-matching technique that airlines have used, called Soundex, dates back more than 100 years, to when it was invented to analyze names from the 1890 census. In its simplest form, it takes a name, strips out vowels and assigns codes to somewhat-similar-sounding consonants, such as “c” and “z.”

The result can be bizarre. Hencke and Hamza, for example, have the same code, H520. If there’s a Hamza on the No Fly List, a traveler named Hencke could be pulled aside for a background check before being allowed to board.

Why not match names precisely? The article points out that it’s difficult to do, because spellings vary (William and Bill), transcription of foreign names is unreliable (Haj and Hag), titles may become confounded with names, and (surprise) some people use one of more aliases.

Another problem is that airlines are hesitant to spend money on anti-terror measures they think the government should pay for.

Moreover, the TSA’s institutional incentives encourage maximizing the number of passengers scrutinized: it’s unlikely that anyone will be fired for screening too zealously, but failure to detect a terrorist could lead to disaster (including career disaster for the officials on whose watch it occurred). A significant number of false positives may be a reasonable tradeoff for an increased probability of catching real terrorists. However, because there will always be vastly more non-terrorists than terrorists in our traveling population, and because the screening databases are likely to contain errors, any increase in the scrutiny given the traveling public is likely to increase the number of false positives by much more than it increments the number of terrorists apprehended. The result can be a level of noise so high that it overwhelms many signals. We can end up with both a high rate of false positives and a screening system that is suboptimal at detecting real risks.

The TSA bureaucracy, like other bureaucracies, will define its job in ways that tend to bring increased authority and funding. If you frame the TSA’s role as the screening of passengers, you end up with lots of screeners and lots of screening. Does that make terrorism less likely? It probably does some good, but it’s difficult to know because of the low base rate of terror attacks. Whatever the real level of risk, the TSA’s incentive is generally to throw money and employees at perceived problems, even if this is not the best response.

Finally, there is political correctness. Targeted screening of people who fit likely-terrorist profiles works well (Israel), and is generally a much more effective use of resources than is trying to screen every single passenger at a level of intrusiveness sufficient to determine whether he is a security risk. The problem with targeted screening is that it’s taboo here because some voters might be offended. So instead the government is going to try to expand its current flawed program. The false premise of the government’s implicit argument is that we can trade freedom for safety. The reality is that we are giving up freedom for nothing and are still not serious about security.

What are the prospects for intelligent reform of our passenger-screening system? Not good. Political and bureaucratic incentives are driving attempts to extend some of the system’s most abusive features. Here’s the kicker from the end of the article:

The TSA has been trying to get the message to airlines that they should focus on matches of full names, not just the last name, says James R. Owen, a TSA official in Juneau. Longer term, the agency is working on an advanced passenger pre-screening system known by the acronym of CAPPS II.

It will scour not only watch lists such as No Fly but also criminal records, credit-card transactions and identifiers such as address and date of birth to detect suspicious patterns. The TSA envisions it as “dramatically reducing” the number of people flagged. Privacy and civil-liberties advocates fear just the opposite — that the increased ways to attract suspicion will result in even more passengers being wrongly tagged.

So the TSA claims to want to deal with false positives caused by bad data and sloppy procedures, and says that it will do so. . . by expanding the bad-data set. This is absurd. Since inaccurate databases are a big part of the system’s problem, the main result of incorporating additional inaccurate databases into the system is likely to be an increased rate of false positives. It looks as if the civil libertarians are right and this data-mining scheme is a power grab pure and simple. The author of this article, by not seriously addressing these issues, seems to have been at best gullible, at worst complicit in the administration’s PR campaign for Orwellian measures that cannot deliver the level of security they promise.

(Instapundit has related comments and links.)