Security in the 21st century must migrate, as all other disciplines must, to the new reality of the necessity of increased levels of granularity in data. We can no longer use the antiquated software work-arounds from previous generations of software systems, especially in the area of security. This was brought home to me in a very personal way when I found myself trying to take a seat on a plane that was already taken. The incident involved a very simple error, one nobody bothers to even think about, including myself, until it becomes an issue. In this case, the person who had already claimed the seat was legitimate, I was the one who was out of place. The error was a simple one, but the very simplicity of the error highlights the danger of trusting systems that must rely on inadequate data, complicated by the human interface, to operate properly. His name and mine differ only in the spelling of the first name to the airlines, even though our last names are very different. However, since airlines still rely a great deal on the first four letters of a passenger's last name, the error is sadly one that could (and probably does) occur regularly. This is the same kind of lazy programming that was behind the Y2K bug (the lack of foresight in that issue still staggers the mind in certain ways). The kink was they misspelled my first name, a common misspelling that even I have grown accustomed to, otherwise I could have prevented the entire situation by just being a little more anal. My first name is Alix, with an "I", and the common misspelling is Alex with an "e". Since both of us were "Paul/Alex", we were the same person in the system; hence the same seat assignment, and the security breakdown. There is no way today that two different people should be allowed to carry the same travel documents, but it happened just because someone misspelled my first name. If I had checked baggage, those clothes would have seen Houston before they came home. This error made it through multiple security checkpoints, not one TSA agent or airline personnel bothered to point out my first name on my travel documents did not match the first name in my ID, as Alex/Alix is a common misspelling. This only makes me wonder how many casual situations are open to exploitation due to assumptions. (as I pointed out earlier, I am as guilty as anyone else, as I know how my first name is spelled too.) This is not to single out the airline itself, because this incident could have happened on any airline, they all use the same four-letter name systems. This is to highlight the issue of proper security implementation. What if I (or the other gentleman) wasn't in the mood to actually fly?
PDF
