The Terror Watch List's Tangle


By Burt Helm

The National Security Agency intercepts a vague communication about terrorist activity on U.S. soil. An analyst in the National Counterterrorism Center in Virginia takes that information, and using data from several other agencies, identifies a U.S.-based suspect and passes the info to the FBI's Terrorist Screening Center (TSC). A few days later, the suspected terrorist -- missing until now -- happens to be pulled over for speeding in Maryland. The state trooper runs his name through the TSC's master terror watch-list database, and the man's name, photo, and fingerprints come up. Bingo, a potential catastrophe is averted.

At least that's what government officials hope will be able to happen -- some day. But computer incompatibilities, slow interagency negotiations, and formidable data-crunching challenges are hindering the coordination of U.S. intelligence data. While it has made progress, the TSC says it doesn't know when it will finish consolidating information from a dozen different criminal databases into a master "terrorist watch list" database that can be checked by state and local police, border agents, airport workers, and others (see BW Online, 5/11/05, "Connecting the Intel Dots").

WELL-KNOWN LAPSES. Meanwhile, the National Counterterrorism Center (NCTC), charged with analyzing all terror-related U.S. intelligence data, is faced with solving one of the most complex database challenges ever encountered, according to two experts.

Since the September 11 attacks, the White House and Congress have sought ways to increase the amount of intelligence data accessible to all agents and key agencies. In a now-famous memo from an FBI field office in Phoenix, an agent reported suspicions about Middle Eastern men training in Arizona flight schools prior to September, 2001.

Elsewhere, the CIA failed to immediately notify FBI and immigration authorities that it had placed two Saudi Arabian citizens, Khalid Almihdhar and Nawaf Alhazmi, on its terrorist watch list. The two men were allowed to enter the U.S., and they were among the group that went on to hijack American Airlines Flight 77 and crash it into the Pentagon.

The hope is that the U.S. will be able to prevent such lapses and foresee future attacks by consolidating and sharing data among intelligence and law-enforcement agencies, including the CIA, the FBI, the State Dept., the Defense Dept., and others.

BUREAUCRATIC AND BUGGY. But the TSC's watch-list consolidation project has seen numerous delays. According to a Mar. 8 report from the Government Accountability Office, the TSC has finished consolidating 10 of the 12 databases originally recommended for consolidation in an April, 2003, GAO report. But the TSC also told the GAO that it had "not yet determined" when it would complete consolidation of the other two databases -- the U.S. Immigration & Customs Enforcement's Automated Biometric Identification System and the FBI's Integrated Automated Fingerprint Identification System.

In fact, the TSC disputes the GAO report and now says it believes those systems -- both fingerprint databases -- are not technically "watch lists," and that the initial consolidation project has been completed. "We have consolidated all of the names of international and domestic terrorists" that exist within U.S. intelligence, says Donna Bucella, the director of the TSC.

"We have said that we do not have biometric information" in the master database, adds Timothy Healy, the TSC's deputy director. He admits that incorporating the biometric information into the master database was originally part of the plan, but he added that "[currently] we don't have the money to do that."

It has been a rough road for the TSC. A report issued by the Dept. of Homeland Security's Inspector General last October linked the delays to both technical hurdles and administrative holdups. According to the report, the TSC director "disbanded the first interagency working group because she was not happy with the approach it had taken" in late 2003. As of February, 2004, the TSC hadn't developed formal requirements as to what qualified a candidate for inclusion on its consolidated watch-list database.

TOO MANY TEMPS? The TSC has also faced myriad technical difficulties: While the State Dept.'s database had extremely sophisticated code for sorting through complicated foreign names, it's slow. On the other hand, the Justice Dept.'s National Crime Information Center, which is designed to help law-enforcement officials do background checks, operates much faster, but it can't handle complex Russian or Arabic names well.

Currently, state and local law-enforcement officials use the Justice Dept. database to connect to the TSC list, meaning they still experience the same lookup problems. When a match comes up, the officer must then dial the TSC call center, where an analyst can check the system directly for them. Eventually, the TSC wants to incorporate the biometric data and make it possible for law-enforcement personnel, border officials, and other agencies to query the watch list directly, using its own search engine. Officials at the TSC said they don't have a specific date when they think this could be completed, however.

The TSC came under criticism in March by the GAO for being unsure of the accuracy of its database. Plus, members of Congress knocked the program earlier this month, saying it was relying too heavily on temporary staff -- typically FBI agents who work for a stint of 90 days -- to perform its mission.

The TSC responded by saying it continually updates the list, adding and taking away "hundreds of names a day," when it gains new information, according to Healy. Bucella also added that she thought having temporary workers was an advantage, because it brought active FBI agents into the center, and let them "act as ambassadors for the program" when they returned to their regular duties.

REPETITIVE SEARCHES. A more thorough report on the Terrorist Screening Center's operations is expected to be released "within the next few weeks" by the Justice Dept.'s Inspector General, said a spokesperson for that office.

The National Counterterrorism Center has had its own challenges. As well as a mandate for organizing and analyzing U.S. terror-related intel data, the NCTC is supposed to report conclusions to top officials. It has been on this mission since 2003, when a forerunner of the agency, the Terrorist Threat Integration Center, was created. Last August, in an executive order of President Bush, its duties were spelled out and its name changed to the National Counterterrorism Center.

While the NCTC faces a daunting and complex task, its own technology is cumbersome, to say the least. Because several intelligence-agency computer networks are not connected to one another, the NCTC's analysts typically have five or six separate computers, depending on their level of clearance.

To query different databases, the analyst uses a switch to bring a specific computer up on his or her monitor, and then runs a search on each database individually. Bill Spalding, the chief information officer of the NCTC, says he has "at least six" different e-mail addresses he must check for work because of the network differences.

YEARS AWAY. Still, the present capabilities are a big step from just a few years ago, when no outside agent could get direct access to another intelligence agency's database. And a group that didn't even exist before 2003 needs to start somewhere. "All of these [intelligence] organizations have given us unprecedented access," says Spalding. "The good news is we're connected. The bad news is we're connected individually."

Since 2001, each agency has made technology upgrades a priority, according to Spalding. But "upgrading servers was the easy part," he says -- the hard part is negotiating agreements with 15 different agencies, ranging from the Coast Guard to the National Security Agency, concerning exactly what different analysts get to see. While all of the data will be shared with the NCTC, no NCTC analyst will have access to everything.

Those negotiations are still ongoing, says Spalding. And once those complex rules are decided upon, it will take years to implement an effective tool that lets analysts use one search window to see the right parts of the right files from different databases. "That's the nirvana state," Spalding muses.

NO DOWNTIME. While similar database integration is performed regularly in the private sector, few cases, if any, require coordinating so many security requirements -- and doing it in a way that lets users query the databases quickly and efficiently. "I don't think it's impossible," says Richard Winter, a database expert and founder of the Waltham (Mass.) consulting firm The Winter Corp. "It's still difficult to make a solution like this work, even if you have the right technology in the engine."

Moreover, the complexity is compounded by analysts needing to actively use the databases, even while upgrades take place. "It's a mess" to do that, says Spalding. So far, Spalding & Co. have managed to send a single query over two of the networks at once, enabling a search of six databases. "This sounds like this is an easy thing to do -- but it's a bit of a breakthrough for us," says the CIO.

While the "nirvana state" for U.S. intel data still may be far off, it appears steady steps forward will be the only way to get there.

Helm is a reporter for BusinessWeek Online in New York.

