Archive for November, 2007

crossing paths with myself

Saturday, November 10th, 2007

Based on what I find in Google, there’s only one other Chandler Howell out there in the world and popping up with any level of frequency. Back when I had the time to blog frequently, I had pretty much pushed him out of the top three pages of search results–ironic, given that he’s an electronic marketing expert.

The closest I’ve ever come to crossing paths with him was a year or so ago, when I had an email from someone who thought I might be the “other” Chandler Howell. He lives in Virginia, whereas I live in Chicago. They were very nice and we had a friendly exchange where I explained that I was not the Chandler they were looking for (no Jedi Mind Tricks required).

Then, a few weeks ago, I was at Dulles airport in Washington, DC for a return flight to Chicago. I went to the electronic check-in terminal and swiped my credit card to identify myself. The terminal then asked me which itinerary was mine–the flight to Chicago or the flight to Boston?

I briefly considered heading over to his gate and finding him to introduce myself, seeing as I knew his flight number and could probably get the gate staff to page him for me, but I thought that might have been a bit much.

Still, I’m curious. How frequently does this happen to people named, say, John Smith or some other more common name, and how many people would consider this some sort of privacy invasion? I know that it’s pretty trivial compared to the data abuses being carried out on an ongoing basis by the US and other governments, but it still bothered me enough to write about it some weeks later now.

Yes, I could probably dig out the stats on name frequency and airline passenger volume and come up with some sort of estimate of passenger name collisions, but it’s Saturday so I’ll pass.

Conformity Now!

Thursday, November 1st, 2007

Bruce Schneier has a nice essay, “The War on the Unexpected,” on how security is suppressing “the unorthodox, the unexpected.”

I like his somewhat-tangential comment about the ineffectiveness of various “rat out your neighbors/coworkers/etc” campaigns:

“If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.”

This holds true across all disciplines. One of the best selling points I have for why we (InfoSec experts) should be consulted is that this is our area of expertise. My argument goes, “If you have a legal problem, you consult a lawyer. If you have a financial problem, you consult an accountant. So if you have an Information Security problem, you should speak with an Information Security expert.”

The caveat, of course, is that this will only work (more than once) if your analysis and advice are correct, effective and help solve their specific problem, rather than, say, the problem you would like them to have.

For a great example of how not to be an expert, consider airport security. It is supposedly run by experts and professionals, yet is one of the most amateur-hour farces you will ever encounter.