Problems With The Federal No-Fly List

December 19, 2020 uncategorized


The recent Times Square bomb scare has raised a lot of questions about national security. One of the most alarming aspects of this attempted attack was how the alleged bomber, Faisal Shahzad, came to very close escaping. While I’m very glad that Shahzad was eventually seized, the fact that he was not apprehended until sitting comfortably on a runway is more than a little disconcerting.

Shahzad’s near-escape was due to several factors ranging from on the ground surveillance to automated systems which provide intelligence to airlines. As a technologist, I’m very interested in the systems our country has put in place to protect its citizens. As a citizen, I’m frustrated that for all the money we’ve invested into Homeland Security, and the near draconian measures we’ve enacted in previous years, we’re still dropping the ball in the realm of information.

How did Shahzad get past the ticket counter?

According to NYPD, on the ground surveillance teams lost track of Shahzad several hours before he arrived at JFK airport. I am not a law enforcement officer nor do I have the credentials to speculate on whether NYPD acted irresponsibly. But as someone who designs and develops information systems, I can make an informed assessment to the state of our current No-Fly list system.

Investigators acknowledge that the federal No-Fly list had been updated several hours before Shahzad’s flight. However the airline ticket counter system had not imported this updated list. Before this month, airlines were required to update their no-fly list only every 24 hours.1 Hence, Shahzad was able to make it through the ticket counter and security check-ins without apprehension.

From my perspective, this should never have happened. Why would we allow data, the nature of which can go stale within an hour, to be updated but once a day? While real-time data is not always realistically achievable in large scale systems, near-realtime (e.g. updated every hour or two) is completely achievable. Having built similar systems for corporate enterprises with much less resources than an airline or the federal government, it seems ridiculous that we don’t expect more from our information systems.

Where have we gone wrong?

Instead of addressing the information problem, we instead have focused on measures seeming to do little to inhibit terrorist acts or suspected terrorists from escaping. We cannot see loved ones away from terminal gates. We must strip down to our underwear to pass security checkpoints and suffer random searches (that means you, grandma). We must package liquids into neat 4oz bottles inside ZipLoc baggies (anyone else wonder how much ZipLoc is making from airports?). Our government and airlines seem to ask a lot from us for the privilege of flying. However, it appears that we expect little in return from them.

Think of all the additional labor cost incurred by airlines and consumers for the above security measures. We have created an entire workforce dedicated to silly countermeasures meant to make us feel safe, yet the stale information problem, which can be easily automated through technology, is completely ignored by politicians, law enforcement, and the airlines. I wonder if this recent event has caused stricter regulation on information policies at check-in counters. Heck, I wonder if my online criticism about our government’s enactment of security measures will put me on a watch-list somewhere. Perhaps I’ll even be asked some additional questions next time I check in at the airport.

Other posts