Why information sharing is not always enough

Sounds of anger and signs of action are following the failed attempt to blow up a U.S. jetliner on Christmas Day. We are lucky it is an averted disaster focusing our attention, but our national security must depend on more than luck.

We need immediate changes in policy and practice — in the way people think and make decisions at all agencies and in their collaborations with the private sector — to bring about a virtual reorganization of government to effectively meet the challenge of those who will strike anytime and anywhere.

The Markle Task Force on National Security in the Information Age developed a networked model that frames our post-Sept. 11 laws and uses the best technology and the best management know-how to connect information and people in the private sector with all levels of government — federal, state and local — so America is safer. We urgently must effect these changes. We must create an information-sharing framework that enables technology and people to work together not only to make information available but also to make sense of that information.

The Markle task force envisions that information sharing will change how government does business by creating a distributed network of all relevant government participants — not just the intelligence community — and the private sector to allow information to be discovered and understood with the help of computers. The job isn’t done when information is shared but rather when it is thoroughly analyzed by people not only collecting the dots but also connecting them.

For example, when the National Counterterrorism Center puts someone in the Terrorist Identities Datamart Environment (TIDE) database and that person has a visa, the center should alert the State Department. Both agencies should be responsible for running down the lead, but first they both have to know they are interested in the same person or subject.

When the Christmas Day bomber was added to the TIDE database, it was instantly knowable that this person had previously been approved for a U.S. visa, but nothing was in place to trigger reconsideration of that visa. Such a mechanism could be implemented if TIDE were updated with active visas or if it related new queries to questions it has been asked in the past, much as online booksellers recommend new books based on previous purchases.

Such real-time, virtual collaboration promotes agile decision-making by eliminating the seams between departments and agencies that can be exploited by those who would do us harm.

A transformative information-sharing approach allows authorized systems and users to quickly and efficiently discover existing data, in much the same way that a library catalog allows someone to locate a book. And a decentralized approach improves security and minimizes privacy risks because although the existence of information is initially conveyed, the data is not accessible until someone with a need for it queries the system.

A new concept called authorized use will be more important to the functioning of that kind of intelligence network than classification has been in the past. That standard determines whether a user is authorized to see information, overcoming obstacles in the present system of classification by permitting people to obtain information based on their role, mission and purpose.

The next terrorist attack might not come from the air but from cyberspace or biological weapons. Information sharing and a capacity to make sense of shared data are critical to protecting the nation.