Every so often I have someone express concern because they went to the airport and discovered that their name is on the TSA No Fly or Selectee list. I then have to explain how watch lists work. In almost every case, the answer is the person on the watch list is not them but someone with the same/similar name.
The underlying problem is that the information on these watch lists typically have low fidelity (i.e., limited data points like only name and date of birth). If you want to see an example of a government watch list check out the Office of Foreign Asset Control’s Specially Designated Nationals Watch List. You will find this frequently contains only a name, date of birth and place of birth. Financial institutions are required by US law not to transact with these folks.
So back to the airport ... when making an airline reservation, one typically provides a name, address, phone, credit card and sometimes a frequent flyer number. Well, the problem is the only relevant field for matching is the name. And names are matched with fuzzy logic which means matches can be found despite minor discrepancies and name variations (e.g., Bob and Robert). Using only fuzzy name matching in large populations of data produces many false positives.
One remedy often reported is to start using your middle initial when making airline reservations, which in most cases will cause your name to not match, unless of course the name on the watch list happens to have the same middle initial as you.
As watch lists grow, as they have in the post September 11 world, so do false positives. Additionally, the administrators of the watch list have to address a number of other policy and process challenges, for example, watch list redress.
Paul Rosenzweig and I thought through and addressed both of these key issues in a paper we co-authored entitled, “Correcting False Positives: Redress and the Watch List Conundrum” and published this past year by the Heritage Foundation.
In this paper we present solutions to redress and a consumer-driven method for handling false positives.
On a bright note, since I travel extensively, I can attest to the fact that I have seen someone that, after matching to a name on the No Fly list, was offered and elected to share another personal attribute. Coincidentally, this is an approach Rosenzweig and I championed in our paper. The premise is the flying public are in the best position to differentiate themselves from the watch listed individual by providing an additional attribute – rather than requiring large scale, automated access to public records data. Using such an approach should result in the individual not being matched on his next trip to the airport. This process used to be broken, and this new and improved process is certainly better than many other approaches.