Forgot your password?
typodupeerror
Crime Databases News

TSA Missed Boston Bomber Because His Name Was Misspelled In a Database 275

Posted by Soulskill
from the let's-blame-technology dept.
schwit1 sends this news from The Verge: "Tamerlan Tsarnaev, the primary conspirator in the Boston Marathon bombing that killed three people, slipped through airport security because his name was misspelled in a database, according to a new Congressional report. The Russian intelligence agency warned U.S. authorities twice that Tsarnaev was a radical Islamist and potentially dangerous. As a result, Tsarnaev was entered into two U.S. government databases: the Terrorist Identities Datamart Environment and the Treasury Enforcement Communications System (TECS), an interagency border inspection database.

A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
This discussion has been archived. No new comments can be posted.

TSA Missed Boston Bomber Because His Name Was Misspelled In a Database

Comments Filter:
  • Jeez (Score:5, Funny)

    by Tablizer (95088) on Wednesday March 26, 2014 @07:33PM (#46588851) Homepage Journal

    That's a bomber, I mean bummer.

    • Re:Jeez (Score:5, Interesting)

      by Anonymous Coward on Wednesday March 26, 2014 @08:46PM (#46589305)

      Hate to see the guy that was mistaken as the terrorist because of a wrong letter.

      http://en.wikipedia.org/wiki/Brazil_(1985_film)
      >One day he is assigned the task of trying to rectify an error caused by a fly getting jammed in a printer, which caused it to misprint a file, resulting in the incarceration and death during interrogation of Mr. Archibald Buttle instead of the suspected "terrorist", Archibald Tuttle.

      Good movie.

    • by maz2331 (1104901)

      No, a Bimmer!

    • Too Tsunami.

      Besides which you cannot possibly blame the TSA. They were faaaaaaaaarrrrrr too busy patting down 5 yr olds/senior citizens and running hot girls through the "porno scanner" to be bothered hunting for real terrorists.

      I would say that all this shows how wisely spent all those billions were.
  • by Anonymous Coward on Wednesday March 26, 2014 @07:37PM (#46588873)

    The TSA is operated by some of the most incompetent people the USA has to offer. They are the problem, not the hardware or software. I fail to see why they should get a "free pass" here on account of a bad database entry. Heads should be hung over this, especially considering the justifications thrown around for the continued existence of the TSA.

    • The "bad database entry" wasn't a fault of the database. It was human error, and the summary makes that completely clear.
    • by cyn1c77 (928549)

      The TSA is operated by some of the most incompetent people the USA has to offer. They are the problem, not the hardware or software. I fail to see why they should get a "free pass" here on account of a bad database entry. Heads should be hung over this, especially considering the justifications thrown around for the continued existence of the TSA.

      Yeah, and they will spin this concept to argue that they need more money so that they can hire:
      1. better quality staff,
      2. more training for the staff they have,
      3. advanced software,
      etc...

    • by bickerdyke (670000) on Thursday March 27, 2014 @05:02AM (#46591031)

      The TSA is operated by some of the most incompetent people the USA has to offer. They are the problem, not the hardware or software.

      Not neccessarily. The problem is the political setup of this whole thing.

      From top manager to front row goon: You're on the safe side as long as you never think and just follow orders. No mistakes will get you promoted at some point. But deviation from the rules will either let a terrorist slip through or earn you some re-training, if your manager sees it.

      And it's the same at the top tier: New security theater rules can always be explained as "inconvinient but neccessary". But lifting even the most stupid rule of all is only a personal risk, if at some point in time after lifting a rule an incident is indeed happening.

      So there is simply no incentive to be sensilbe.

  • by SuperKendall (25149) on Wednesday March 26, 2014 @07:41PM (#46588903)

    I've seen this story about Russia giving us warnings about the Boston bomber floating around elsewhere recently, why is this news now? We knew this back in 2013 [bostonglobe.com].

    Despite the misspelling, the FBI interviewed him and determined he was no threat (unlike his friend who they interviewed after the bombing, and shot to death during the interview).

    So what would it have mattered if airport security searched him after one of his trips to Russia? It's almost certain he wasn't carrying anything that would have got him arrested.

  • by rk (6314) on Wednesday March 26, 2014 @07:41PM (#46588905) Journal

    soundex [wikipedia.org]

    Levenshtein distance [wikipedia.org]

    Hamming distance [wikipedia.org]

    More like this, can't be arsed to go looking them up, though. Those were three I knew off the cuff.

    • by Cryacin (657549) on Wednesday March 26, 2014 @08:00PM (#46589049)
      So, Mr oBama would have a Levenshtein distance of 1 with oSama then? Good job there.
      • Re: (Score:2, Informative)

        by Dragonslicer (991472)

        So, Mr oBama would have a Levenshtein distance of 1 with oSama then? Good job there.

        If you were comparing only someone's first name to only someone else's last name, sure.

        • by drinkypoo (153816)

          If you were comparing only someone's first name to only someone else's last name, sure.

          Let's just hope that all the names are dumped in as keywords. Then he's got two interesting names.

      • So, Mr oBama would have a Levenshtein distance of 1 with oSama then? Good job there.

        Apparently you haven't read the comments section of the weekly standard lately.

    • by vux984 (928602)

      A major problem with soundex is false positives. A terrorist named John Smith on the watch list would be hell on a lot of people... but if they were using soundex... he's now J500 S530. So Now Jan, Jim, Jens, Jon, Jaymee, Jayne, Jane cross product with Smith, Smit, Smite, Smithe, Smithee, Smythe, Smathe, Snuthe, Smothe...

      all get caught in that web.

      Similar problems exist for hamming and so on. There's a LOT of very different names a very short "distance" from each other in nearly any scheme.

      But on top of all

      • by stdarg (456557)

        While you are raising valid concerns about algorithms like soundex, aren't they minor concerns? Yeah there could be a typo in the name. But in the case we're talking about, it wasn't a typo, it was an alternate phonetic spelling.

        And regarding false positives, luckily there aren't many terrorists today named John Smith. False positives would be restricted to relatively small populations anyway, like Muslims and non-Western names. How many "bin laden/bin ladin/bin ladan/ben laden/etc" names are there in the U

        • by vux984 (928602)

          How many "bin laden/bin ladin/bin ladan/ben laden/etc" names are there in the US

          bin Laden is, if i recall correctly, little more than "son of Laden"

          Osama's full name per wikipedia is:

          Osama bin Mohammed bin Awad bin Laden

          Granted its not a common American name, but as a middle eastern name, it might as well be Tom O'Conner.

          False positives would be restricted to relatively small populations anyway, like Muslims and non-Western names.

          Yes. Small populations, like "foreigners". This is not a good plan.

          The other

    • by rubycodez (864176)

      you are trying to educate the morons who made the "No Fly" list using only *names* ??

  • Horseshit (Score:2, Troll)

    by Tailhook (98486)

    They would have "missed" Tsarnaev if he had a siren and a pink neon "TERRORIST" sign bolted to his forehead. Re: Nidal Hasan.

    They only miss things they aren't interested in finding.

  • Significance? (Score:5, Insightful)

    by mwehle (2491950) on Wednesday March 26, 2014 @07:44PM (#46588915) Homepage
    I think the tacit implication here is that if Tsarnaev had been questioned on exiting the country the Boston Marathon bombing might have been averted, but is there really any substance to this? Do we think he would have changed plans had he been questioned? Pressure cooker outlets would have been alerted to refuse to sell him cookware? What exactly would the outcome likely have been had he been questioned?
  • transliteration (Score:5, Informative)

    by Heraklit (29346) on Wednesday March 26, 2014 @07:45PM (#46588917) Homepage Journal
    News at Nine: transliterations of names can be tricky... Some parts of the world use different alphabets...
    • It's a bigger problem than just that. There are multiple systems for mapping various foreign names into English, and many variant spellings. Then there are what you could refer to as a "fully qualified name" that may not map well into the first-middle-last convention in many places in European languages. In some areas the full name could include things like tribe and/or clan, geographic designations, additional honorifics, and other possibilities. The same person could use multiple names depending on wh

      • by Livius (318358)

        It could be worse. Before the printing press, proper names were generally translated, not just transliterated.

  • by shutdown -p now (807394) on Wednesday March 26, 2014 @07:45PM (#46588921) Journal

    It was not misspelled, it was just transliterated differently. The original name is Cyrillic, and "Tsarnayev" is actually closer to how it is supposed to be pronounced, but "Tsarnaev" is the more usual letter-for-letter transliteration that doesn't distinguish two modes of Russian "e" (it's pronounced as "e" in general, but as "ye" after vowels and at the beginning of words), and is the one that's usually used in passports. I wouldn't be surprised if "Tsarnayev" was how it was spelled in the documents that they've got from Russia, because the person on the other side translated it phonetically...

    Either way, this points at a glaring issue in all those databases. If they require a perfect match, they're going to be very flaky for all kinds of foreign names - ironically, Arabic ones especially, which I assume are the most commonly searched ones. Remember that whole Qaddafi vs Gaddafi vs Kaddafi in US press when Libya was on the front pages?

    Yet another evidence that all this stuff is little more but security theater. It doesn't matter whether it actually works, so long as people are convinced that it does. Unfortunately, they actually let a real terrorist through this time...

    • by manicb (1633645) on Wednesday March 26, 2014 @08:02PM (#46589061)

      If only there were some kind of universal character set that included all these scripts

      • I doubt having them type names in their original script would help matters. Cyrillic is easy, but how many DHS agents can input Arabic? Chinese? If anything, I'd suspect that the amount of typos would increase significantly.

        What they need to do is proper phonetic match, tailored to the specific language in question (i.e. if it's an English name, use soundex or something along those lines, if it's Russian, use the Russian equivalent etc).

        Of course, what they really need is to just drop all this bullshit and

        • by jd2112 (1535857)

          I doubt having them type names in their original script would help matters. Cyrillic is easy, but how many DHS agents can input Arabic? Chinese?

          English?

        • by AHuxley (892839)
          Passports are usually scanned to prevent human "type names" issues.
          • Yes, you have a point there. I suppose there's no reason why they shouldn't have the name in original script alongside the English transliteration, at least, and check matches for both.

            Do current passports encode the native script in machine-readable format, though?

      • by Ichijo (607641)
        This is about transliterating to Latin. What's needed is to transliterate each name all possible ways [wikipedia.org] and store all the transliterations in the database as alternate spellings for the same name.
    • by AHuxley (892839) on Wednesday March 26, 2014 @08:35PM (#46589257) Homepage Journal
      Russian names should not be an issue for the USA in ~2000~2014. They have spent vast sums educating their mil and gov during the cold war and have had US digital database experts since the 1960's...
      The US is not some loser nation with massive budget restrictions upgrading from paper files to imported super computers in the 1970's.
      The US is not some loser nation with massive budget restrictions trying to find staff with language skills in the 1950's.
      This is not Korea or Vietnam in the 1950-60's where the US gov did have to play catch up.
      The USA did great work tracking the KGB/GRU and others within the USA for many decades and that took spelling skills and complex shared database work.
      The USA did great work tracking the KGB/GRU staff changes... and that took spelling and database work too.
      If the USA is having issues with Russian names in a US gov database after 2000++ - someone has ensured a name is protected/free to travel.
    • I doubt it was an accident either. Remember movie stores? If I got a big enough late fee I'd just go back to the store and use my given name instead of my nick name to get a new card. Charles or Charlie, John or Johnathan, etc... Worked every time.

      • My understanding is that the misspelling did not originate with the guy himself. It's not like he has two passports, when he crosses the border it's his passport that'll be used to identify him, and the name as it is spelled there (and that would normally be "-ev" rather than "-yev"). The screw-up happened where they were compiling the no-go list, and the alternative spelling slipped in somehow - and if I had to guess, they just keyed it in letter by letter from the email or fax that they've got from Russia

    • by rtb61 (674572)

      C'mon seriously that excuse is just total bullshit. It is the same as claiming they could not arrest John Smith because they could not identify him because there are too many John Smiths. This lame excuse is a red flag something decidedly worse going on. Reality check, it works like this, one entry in one data base and no one worries much about you and spelled right or wrong makes not much difference basically to claim such would also mean you didn't bother to add other details like appearance, location, a

      • You assume some degree of competence. I don't think that is justified.

        I mean, we're talking about the country where a top-secret "No Such Agency" intelligence gathering service has just let a rank and file sysadmin walk out with a dump of the entire internal network, including numerous classified and top secret documents, on his USB flash stick, and board a plane to another country under his real name with said stick in his pocket.

        • by AHuxley (892839)
          Snowden was flagged by the CIA but then got a contractor job with the NSA... just another database issue?
          http://www.nytimes.com/2013/10... [nytimes.com]
          • I can totally imagine how everyone and their dog have their own database, and a lot of those databases are not cross-referenced because no-one making these decisions even knows of their existence.

        • by rtb61 (674572)

          Well contractor access to top secret data bases just smells to high heaven of plausible denial-ability. Basically under corporate direction the mass media channel that is the United States government was instructed to allow military industrial complex corporations full access to their top secret databases, as a ruse in plausible denial-ability this was provided upon the basis of lax security. The problem with that plausible denial-ability excuse is basically resulted in lax security that could be readily e

  • soudex? (Score:2, Interesting)

    by job0 (134689)

    haven't they heard of soundex?

    • Or the metaphone variants? There exist a whole family of phonetic algorithms designed for just this very purpose.
    • Or Levenshtein distance [wikipedia.org].

      I knew a Mexican citizen with a green card who would be constantly harassed and held for questioning when entering from Canada because his name was similar but not the same as an alias used by someone on the 10 most wanted list. Apparently their matching algorithm is thrown for a loop by Slavic names.

  • by quietwalker (969769) <pdughi@gmail.com> on Wednesday March 26, 2014 @07:48PM (#46588955)

    I've written about this before; I used to write financial software for a living, and one of the requirements for a US bank was to provide a mechanism to detect transactions by an unauthorized person.

    In short, the govt. provides a list of bad people in a text file. One name per line, all upper case, like it came out of an old batch system. We then check to see if the sender or receiver of any transaction /EXACTLY/ matches that string, case insensitive. If it's an exact letter-for-letter match, there's a flag that's set and the transaction is delayed, but it appears to go through as normal(*). What happens after that is the bank's responsibility, but that's the whole of the complexity.

    Whoever made the list usually has a few variants of spelling; OSAMA BIN LADEN or OMASA BIN LADEN or OSMA BIN LADEN, for example. But that's it. Just spelling your name slightly differently is enough to avoid the flag. We're literally not allowed to add anything else, like soundex matching or handling foreign letters.

    This is ~probably~ also how the TSA no fly list works, and why you still hear about false positives from time to time. It's also probably how any security works until it's been around for 20 years and they hire a contracting company to make them really good software that does what they want, instead of what they think they want it to do.

    It just takes a very long time for software designed by a legislative committee with no technical awareness to morph into something usable, but that's government for you.

    * - most transactions are not sent out until the end-of-day reconciliation anyway, so it looks like it's accepted like most other transactions, probably in a 'pending' state in your online balance - unless you're paying for a wire transfer or something.

    • by jrumney (197329)

      It's also probably how any security works until it's been around for 20 years and they hire a contracting company to make them really good software that does what they want, instead of what they think they want it to do.

      You really don't understand the companies that are awarded government contracts, do you? Figuring out what the customer really wants is not part of their job description, and is most likely grounds for being put on the first plane back to India. You give the customer exactly what they ask

    • Using Soundex on something like the terrorist watch list would undoubtedly increase the false positive rate, even though it would solve the true positive problem laid out by the summary. We need something that doesn't create far more problems (you know, like expanding the invasion of rights) than it solves.
      • by stdarg (456557)

        Looser name matching would increase false positives, but profiling would probably balance that out. Of course that would entail further invasion of privacy etc. If the authorities do it correctly, it would be pretty minor though. You have nothing to fear unless you start going to a mosque, etc.

  • by Max Threshold (540114) on Wednesday March 26, 2014 @08:02PM (#46589065)

    Neither "Tsarnaev" nor "Tsarnayev" is the correct spelling; the correct spelling is "ЦÐÑнÐÌÐÐ".

    As another commenter mentioned, utility companies solved this problem decades ago with technology like Soundex. Our intelligence apparatus is apparently crippled by incompetence, laziness, haste, provincialism, or all of the above.

  • by puddingebola (2036796) on Wednesday March 26, 2014 @08:04PM (#46589081) Journal
    Tamerlan Tsarnaev- T-I-M-T-H-O-M-A-S. I am professional hockey player.
  • by 140Mandak262Jamuna (970587) on Wednesday March 26, 2014 @08:09PM (#46589107) Journal
    That fiend had changed his name to "Tsarnayev'); DROP TABLE Terrorists; --"
  • Get rid of the TSA! (Score:5, Interesting)

    by colin_faber (1083673) on Wednesday March 26, 2014 @08:12PM (#46589129)

    Seriously, this entire organization encompasses everything wrong with the Federal government. Massive privacy overreach, complete incompetence, and a literal NIGHTMARE BUREAUCRACY! This is one of the worst aspects of the Bush legacy, and "The One" has not done anything to curtail its power: http://www.cnn.com/2010/TRAVEL... [cnn.com]

    • by ShaunC (203807) on Wednesday March 26, 2014 @09:31PM (#46589497)

      It's also an enormous jobs program, employing 50,000 nut-cuppers and breast-gropers alone, without even getting started on air marshals, behavioral analysts, and of course thousands more management positions. Don't expect TSA disappear anytime soon, no matter who's in the White House.

      • by Sir Holo (531007)
        Mod parent up.

        TSA was created not only a gigantic practical-joke on the middle class. It was also created as a means to mask growing unemployment. All for political points.

        "Fiscal responsibility" indeed.
  • Shoulda used Google (Score:2, Interesting)

    by LoRdTAW (99712)

    Agent: Tamerlan Tsarnev

    Google: Did you mean: Tamerlan Tsarnaev

    That would have solved the problem.

    • by TCM (130219)

      Genius!

      Just use a current search engine but with a future database and actch all terrorists! Why didn't anyone think of that?!

    • by dave420 (699308)
      Find a time machine, go back to *before* the attacks, and try that again.
  • by turkeydance (1266624) on Wednesday March 26, 2014 @08:26PM (#46589201)
    john or jhon or joohn....... every one gets a different one.
  • by Idou (572394) on Wednesday March 26, 2014 @08:38PM (#46589279) Journal
    It should have been: Archibald Tuttle
  • by Patent Lover (779809) on Wednesday March 26, 2014 @09:09PM (#46589417)
    ... this had nothing to do with the TSA. They just make sure people bring bombs, snow globes, or nail clippers onto planes. Even if they detained the correctly spelled Tsarnaev, he did nothing illegal until he built and set off a bomb. Some day the DHS will realize that they have to do real police work instead of making lists that depend on correctly spelled names.
  • by 7-Vodka (195504) on Wednesday March 26, 2014 @11:00PM (#46589931) Journal
    They missed the Boston bombers because they are spying ON EVERYONE instead of focusing the spying, based on probable cause, on the correct folks.
    • Re:No (Score:5, Insightful)

      by Sir Holo (531007) on Wednesday March 26, 2014 @11:36PM (#46590083)

      They missed the Boston bombers because they are spying ON EVERYONE instead of focusing the spying, based on probable cause, on the correct folks.

      Well, yes. But, paradoxically, failure earns the spy agencies more funding.

      "If we had been provided with enough resources, we could have caught the bad guys!"

      The solution is to limit (yet again) exactly who they can spy on. These children need to be spanked, not rewarded with ice cream.

  • Until somebody re-invents fuzzy search, this will remain a problem for transliterations between Roman and Russian alphabets.

Uncompensated overtime? Just Say No.

Working...