'No Fly' No Go

Airline security follies


In 2010, nearly a decade after the 9/11 attacks brought home the importance of keeping suspicious characters off airplanes, the Transportation Security Administration (TSA) hopes to launch a new system for distinguishing between harmless passengers and terrorists. If all goes well.

Two earlier efforts, involving databases with detailed information on everyone who flies, were scrapped largely because of privacy concerns raised by civil liberties groups. But the TSA has been working on the latest version for four years, and it still has not found a way to reliably tell one David Nelson from another or to distinguish between T. Kennedy, the alias used by a man suspected of ties to terrorism, and Ted Kennedy, the U.S. senator. The Massachusetts Democrat is one of many travelers who have been repeatedly hassled or prevented from flying because their names resemble those of people on the watch list, which is supplied by the government but checked by airlines.

Skeptics such as security consultant Bruce Schneier argue that checking passengers' names against a "no fly" list will always be more trouble than it's worth, given the unreliability of the information, the limited coverage of the list, the possibility of flying under an assumed name, and the inevitability of false positives. But TSA Administrator Kip Hawley insists "we are going to get it right before we set an artificial date and try to rush."

Among other things, the new TSA-managed system is supposed to include data, such as birth date and sex, that will make it easier to avoid identity mix-ups. Hawley says the new list also will be much shorter. "A detailed review of the existing no-fly list to eliminate erroneous, redundant or incorrect listings," The New York Times reports, "should result in its being cut almost in half."

In the meantime, the TSA has created a website where passengers erroneously identified as terrorists can go to complain. Fittingly, the original version of the site asked for detailed personal information without using standard security precautions to protect the data from prying eyes.