* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.



Date: Fri, 25 Apr 2003 23:03:58 -0400
From: Steve Bellovin 
Subject: The "no-fly" list

The 22 Apr 2003 *Wall Street Journal* had a long article on the U.S.
"no-fly" list -- a list of about 300 people that the U.S.
government regards
as too dangerous to allow on airplanes.  Apart from anything else, the
article discussed the many ways this system is producing false positives and
(one would assume) the chance of false negatives.

The article is too long to summarize; among the problems cited are the
difficulties of transliteration from Arabic (they show five different
renderings of one name) and use of computer systems designed for different
purposes.  For example, some of the systems used hunts for matches based on
the first few letters of a surname -- ideal for helping someone check in
quickly, but not good for checking against a "no fly" list.  Nor are the
error recovery processes good; there are some people who will *always* run
afoul of this on certain airlines, but they seem incapable of recording that
they've checked out particular individuals the previous time.

Steve Bellovin, http://www.research.att.com/~smb



Date: Wed, 21 May 2003 09:20:33 -0700
From: "NewsScan" 
Subject: Privacy advocates doubt Pentagon promises on spying

The Pentagon has changed the name of its planned anti-terrorist surveillance
systems, but critics say the fundamental program remains the same and would
risk violating citizens' privacy if fully implemented. Now renamed the
Terrorist Information Awareness program (from Total Information Awareness),
the system would broaden government surveillance activities to encompass
passport applications, visas, work permits, driver's licenses, car rentals
and airline ticket purchases as well as databases including vast amounts of
personal information, such as financial, education, medical and housing and
identification records. Sen. Ron Wyden (D-Ore.), a major opponent of the
TIA, says, "What most Americans don't know is that the laws that protect
consumer privacy don't apply when the data gets into government's
hands. Lawfully collected information can include anything, medical records,
travel, credit card and financial data." Testing of the system is already
underway, raising privacy advocates' concerns about "false positives" based
on erroneous data. "If TIA is relying on personal information contained in
databases to determine whether someone is a suspect, what recourse does that
person have whose information has been entered incorrectly?" says a
spokeswoman for the Free Congress Foundation, which estimates that an error
rate as small as .10% could result in more than 30,000 Americans wrongly
being investigated as terrorists. [AP 20 May 2003;NewsScan Daily, 21 May 2003]
  http://apnews.excite.com/article/20030520/D7R5BBUG0.html



Date: Tue, 27 May 2003 11:10:30 -0700
From: "NewsScan" 
Subject: Spam's cure could be worse than the disease

CNet columnist Declan McCullagh worries that the proliferation of
spam-blocking software incorporating challenge-response technology could
lead to the death of e-mail. Challenge-response systems require the human
sending a message to perform a simple task such as clicking on a link or
typing a special password to get past the barrier. The problem is, says
McCullagh, that many challenge-response systems are poorly designed, and
could causes big headaches for administrators of legitimate e-mail
newsletters (such as NewsScan Daily) that go out to large numbers of
people. "Big corporations may be able to afford to hire someone to sit in
front of a computer and spend all day proving they're not a spam bot, but
nonprofit groups, individuals and smaller companies probably can't," says
McCullagh. Earthlink has already announced its intentions to make a
challenge-response system available to subscribers by the end of May, and
other ISPs may follow suit -- a scenario that has veteran list operators
concerned. Dave Farber, a computer scientist at the University of
Pennsylvania who runs the "interesting people" list, says: "If I start
getting a flood of challenges from Earthlink IPers that require my response
I will most likely declare them spam and you will stop receiving IP mail. I
fully expect this to be the case for almost all the legitimate mailing lists
you are on and count on." Meanwhile, editors at the popular Macintosh
newsletter TidBits, have told readers: "Be warned that we will not answer
any challenges generated in response to our mailing list postings. Thus, if
you're using a challenge-response system and not receiving TidBits, you'll
need to figure that out on your own."  [CNet News.com 27 May 2003; NewsScan
Daily, 27 May 2003]
  http://news.com.com/2010-1071_3-1009745.html?tag=fd_nc_1

---