Report: No Fly - Homeland Security

More documents

Recommendations

Info

No-Fly Report DHS Privacy Office April 27, 2006 phonetic representation. 37 Both classes of algorithms are useful in matching of passengers against the lists, but each algorithm produces a different set of matches and all algorithms have significant error rates. Recognizing this problem, programs that perform matching against terrorist watch lists can use multiple algorithms. 38 Nevertheless, even with the use of multiple algorithms, matching programs must use additional information to increase the quality of matches in order to minimize false negatives (i.e., to ensure that those on the list do not escape detection) while producing a reasonable number of false positives. The need for additional information raises privacy concerns, particularly if this information is retained by the screening entity. If the use of No-fly and Selectee lists is expanded to modes of transport other than air and cruise ships, the number of individuals being screened will increase significantly and, therefore, the number of matching errors could also increase. Implementing screening programs using the No-fly and Selectee lists for other modes would also be logistically and administratively difficult in some cases. Rail and surface transportation networks are vast, complex, open and generally accessible to the public by design and their operations are highly fragmented. According to the Bureau of Transportation Statistics, a component of the Department of Transportation, there were 83 air carriers in the US in 2002 but approximately 6,000 transit systems that operate buses, rail systems, ferry boats and other modes of passenger transport. 39 Allowing other modes of transportation to conduct screening through distribution of some version of the 37 B.J. Dorr, Computational Linguistics Meets the FDA: Techniques for Identifying Sound-alike Drug Names, University of Maryland, July 2003, available at , last visited on June 3, 2005. An example of an orthographic algorithm is one that compares names character by character after removing spaces and punctuation and transforming the name into all capital letters. An example of a phonological algorithm is Soundex, created in the 19 th century and still in use for genealogical research. Soundex transforms each name into a four-character index representing the sound of the name when spoken. This allows matching of names that sound alike but are spelled differently. There have been many improvements on Soundex. One of the improved algorithms, Double Metaphone, allows coding not only of the American pronunciation of the name but also of the native pronunciation. Research on matching algorithms continues. 38 See, for example, discussion of name search capability in the U.S. Department of Justice report (2005), pp. 26-27. 39 U.S. Department of Transportation, Bureau of Transportation Statistics, National Transportation Statistics 2004, Appendix A, Transit Profile (updated April 2005), available at , last visited June 13, 2005. The figure represents the number of transit agencies; some agencies operate more than one mode of transport. -13-
No-Fly Report DHS Privacy Office April 27, 2006 No-fly and Selectee lists may pose a security risk by virtue of the number of entities that would be involved. Bringing screening into the government for additional modes of transport would introduce not only an increased workload and expense to screening programs, but also increased operational complexity. D. Matching in an Environment Where Identity Theft and Synthetic Identities May Be Present Matching identities to individual identifiers contained within the consolidated terrorist watch list can help to flag individuals suspected of terrorism. However, a suspected terrorist or an individual considered to be a threat to aviation may be using a false identity and not travel under his or her own name. Conducting a match based on an assumed identity may result in a false negative. Identity theft, the appropriation of another person’s identity, has become increasingly common. Stolen identities are most often used for financial fraud, such as opening and using credit card accounts, accessing bank accounts, and purchasing vehicles on credit. 40 The Federal Trade Commission reports 246,570 complaints of identity theft during calendar year 2004. 41 A somewhat different but related problem is the creation of synthetic identities. While a stolen identity is an identity of a real person, a synthetic identity is a blend of fact and fiction. 42 For example, a synthetic identity may be a combination of an individual’s actual address with a name and social security number issued to someone who died in childhood. A synthetic identity is more useful than “true-name” identity theft for purposes that do not involve financial fraud because there is no “owner” of the identity to uncover the fraud and report the theft. 43 40 See, for example, Government Accountability Office, Consumers Understood Credit Reporting But Could Benefit From Targeted Education, GAO-05-223, March 2005, p. 2. 41 Federal Trade Commission, National and State Trends in Fraud & Identity Theft, January – December 2004, February 1, 2005, p. 4, available at . last visited June 6, 2005. The report states that the number of identity theft complaints reported may increase over time as other agencies add their data to the FTC database. 42 Federal Deposit Insurance Corporation, Putting an End to Account-Hijacking Identity Theft, available at < http://www.fdic.gov/consumers/consumer/idtheftstudy/background.html#foot2>, last visited on June 6, 2005. 43 T. Oscherwitz, Synthetic Identity Fraud: Unseen Identity Challenge, Bank Security News, Vol. 3, No. 7, April 2005, available at < http://www.idanalytics.com/pdf/Bank_Security_News.pdf>, last visited June 6, 2005. -14-
Page 1 and 2: Report on Effects on Privacy & Civi
Page 3 and 4: No-Fly Report DHS Privacy Office Ap
Page 7 and 8: Table of Contents I. EXECUTIVE SUMM
Page 19: No-Fly Report DHS Privacy Office Ap
Page 29: No-Fly Report DHS Privacy Office Ap

Report: No Fly - Homeland Security

Create successful ePaper yourself

Delete template?

Save as template?