How feds have put IT to work for homeland security, and the work that needs to be done
The Transportation Security Administration has ordered software that will dig deep into databases to conduct background checks and risk assessments on airline passengers before they are allowed to board flights.
At the FBI, meanwhile, computers mine databases for telltale patterns of behavior that suggest terrorist activity. Warning signs are being culled from inconsistencies in the use of Social Security numbers, immigration records and even data related to scuba diving licenses.
Since the terrorist attacks last Sept. 11, officials in government and industry have been searching for ways to protect the United States against future attacks. They have almost exclusively turned to technology.
"I would say we're better off — more secure — than we were a year ago," said Steve Cooper, senior director for information integration and chief information officer at the Office of Homeland Security.
Early and sometimes outlandish proposals, such as fitting airliners with remote-control systems, have given way to more practical plans, such as creating database and reporting requirements to keep better track of foreign students in the United States.
In the homeland security strategy he issued in July, President Bush declared that "the nation's advantage in science and technology is a key to securing the homeland." He called for creating new technologies to analyze threats, share information and counter attacks.
But the president's zeal for technology is not universally shared. Schemes to tighten security by issuing national identification cards and monitoring public areas with facial- recognition systems, for example, have collided head on with essential American notions about privacy and civil liberties guaranteed by the Constitution.
Such concerns, as well as technology's inherent complexity, have limited the progress in using technology to combat terrorism.
"We're not as far along as I would like us to be," Cooper conceded in an interview in late August. "It's taking more time than we thought."
Missed Connections
A key technological deficiency highlighted by the Sept. 11 attacks was the inability of agencies — including the FBI, the CIA, the Immigration and Naturalization Service and the State Department — to share information about terrorists and terrorist threats.
In a statement in January, Bush said, "In the wake of Sept. 11, we discovered that information on the hijackers' activities was available through a variety of databases."
Unfortunately, no individual or agency was able to "connect the dots." Thus, the State Department issued a visa to Mohamed Atta, the suspected ringleader of the Sept. 11 attacks, unaware that U.S. intelligence agencies knew that Atta had ties to Osama bin Laden.
At the FBI, officials in Washington, D.C., never saw an internal memo written two months before the terrorist attacks raising concerns about Middle Eastern men attending U.S. flight schools. And at INS, a contractor issued student visas to two of the hijackers six months after they died in the attacks.
"Looking forward, we must build a system that combines threat information and then transmits it as needed to all relevant law enforcement and public safety officials," Bush said in January.
But in his homeland security strategy, Bush indicated that little had changed. He said much of the information needed to combat terrorism still "exists in disparate databases," and "in many cases, these computer systems cannot share information."
Solving the problem has become a top priority for the FBI and the CIA, two central players in the war against terrorism, said Mark Tanner, information resources manager at the FBI. "It's something we all recognize needs to be done, and now there's a new sense of urgency to do it."
Last spring, the FBI created an Integrated Intelligence Information Application database that enables it and other agencies within the Justice Department to share information collected from outside sources, including INS and the State Department.
The agencies are also sharing personnel. "We've got a number of CIA employees detailed to the bureau," including the new chief of the FBI's Office of Intelligence, Tanner said.
In the search for a long-term solution, the FBI, CIA and other intelligence agencies are developing common architecture and metadata standards that will enable them to connect databases and more easily share and analyze data, he said.
But newfound cooperation among agencies solves only part of the problem. "The FBI's [computer] infrastructure needs to be upgraded to take advantage of modern tools that allow collaboration," Tanner said.
Immediately after the terrorist attacks, FBI Director Robert Mueller tried to speed up a massive, three-year project to upgrade the FBI's computer systems. But this summer, he concluded that the Trilogy project can't be done any faster.
So far, Trilogy's accomplishments include deploying more than 17,000 workstations, printers and office software in field offices around the country. But it will take until next spring to complete the network that will connect all FBI offices and until mid-2004 to complete the full Trilogy system.
In a separate information-sharing effort, the FBI has made its terrorist watch list available to TSA, INS, the Border Patrol, and state and local police. The bureau has also linked two online law enforcement information-sharing services and built the prototype for a data-mining system that zeros in on data related to terrorism, Tanner said.
Those are relatively small steps, "but you gotta crawl before you can walk," said Steven Aftergood, a senior research analyst at the Federation of American Scientists.
"We're still in the early phases of a long-term transformation, particularly in the case of the FBI," he said.
Something to Show
Cooper's assessment is more positive. "Overall, the message I want to convey is that we have done real work that has added capability that didn't exist last Sept. 11," he said.
One example is work done by the Customs Service. On Aug. 26, the cargo-inspection agency began screening high-risk cargo containers in foreign ports rather than waiting until it arrives in U.S. ports.
"We don't want to wait for the nuke in the box" to reach the United States, said Customs Commissioner Robert Bonner.
Explosion of a chemical, biological or radiological weapon smuggled into the United States in a cargo container would be devastating — not just to the United States, but to global trade, Bonner said. After such an event, "container ships would not be allowed to enter U.S. ports."
Customs inspectors have begun using large-scale X-ray, gamma ray and chemical detectors to screen cargo before it leaves Rotterdam, Netherlands. Similar equipment will likely be placed at 19 other European and Asian ports, where it can screen about 70 percent of the cargo being shipped to the United States. That will free U.S.-based inspectors to concentrate on the 30 percent that is not prescreened, Bonner said.
In July, in another high-tech security achievement, INS officials activated a computerized system for tracking foreign students. And on the anniversary of the terrorist attacks, INS plans to begin fingerprinting and photographing thousands of foreign visitors as they arrive in the United States if they are deemed to pose a threat to national security.
For now, that includes all visitors from Iran, Iraq, Libya, Sudan and Syria, and anyone else identified as a possible threat based on undisclosed criteria.
Fingerprints will be digitized and compared to those in FBI databases of criminals and wanted terrorists. The process is expected to take about 10 minutes, INS officials say.
While computers search for fingerprint matches, visitors will be required to provide information about their planned activities in the United States.
If admitted, visitors will be required to report back to INS within 30 days, providing additional information on their whereabouts and activities. Finally, they will also be required to register when they leave the United States.
Data on those who fail to comply will be added to the FBI's National Crime Information Center database, where it could trigger alerts to local, state and federal police.
The heart of Bush's security plan is the proposed Homeland Security Department.
After months of resisting the creation of a new Cabinet-level agency, Bush changed his mind and in June unveiled his blueprint for a department pieced together by shifting 22 offices and 170,000 employees from other agencies.
Bureaus and branches including Customs, the Secret Service, INS, the Border Patrol, the Coast Guard and TSA would move to the new department. So would lesser-known entities such as the FBI's National Infrastructure Protection Center.
The plan has been approved by the House, but awaits action by the Senate, where a battle over employee job security threatens to stall approval of the plan.
Elsewhere, the president's plan gets mixed reactions.
"The previous organization — or lack of organization — was clearly not adequate," said Dave McIntyre, deputy director of the Anser Institute for Homeland Security. "Whether the Department of Homeland Security will get it right the first time, history suggests not."
Robert Levine, a senior economic consultant at the think tank Rand, said the conglomeration of agencies that would constitute the new department will pull it in "irrelevant directions like rescue at sea and salmonella inspection."
However, he said Bush's plan does contain the key to homeland security — intelligence analysis. "The government had a lot of information before Sept. 11. It has much more now, but nobody knows what to do with it. It must be sorted out to find the real threats."
It remains far from certain that the Homeland Security Department will be given the analytical horsepower it needs.
Government specialists at the Brookings Institution fear that the new department's ability to analyze intelligence information will be "inadequate to that task." The department information unit "will not have regular or routine access to raw intelligence and law enforcement information necessary to make an informed analysis of possible threats," they wrote in a report this summer.
The Brookings scholars suggest transferring the FBI's Office of Intelligence, which was created in May in response to the terrorist attacks, to the Homeland Security Department.
Debate about the government's shortcomings in collecting, sharing and analyzing intelligence information and how to solve them has touched off a more fundamental debate about the effects proposed enhancements will have on citizens' privacy and civil liberties.
"Fears are often expressed that massive data sharing would move the United States closer to Big Brother practices having nothing to do with preventing terrorism," said Michael O'Hanlon, one of the Brookings analysts.
Proposals for adopting "smart" driver's licenses and using facial-recognition systems in public places, for example, sounded alarms about whether the collected data might be used to monitor the activities of ordinary citizens.
Passage of the USA Patriot Act just six weeks after the terrorist attacks evoked cries of alarm from civil liberties organizations. Among other things, the act grants federal law enforcement officials greater authority to trace and intercept mobile phone and e-mail communications without court supervision.
Civil libertarians were further alarmed last spring when Attorney General John Ashcroft changed the FBI's investigative guidelines, freeing agents to comb Internet sites and mine commercial databases for personal information.
They are equally suspicious of TSA's plan to use computers and databases to conduct extensive background checks of airline passengers.
TSA is designing a computer system that can screen airline passengers by instantaneously retrieving and analyzing information about them from commercial and government databases. The system would scrutinize data such as previous travel habits, past criminal convictions, visa status, financial condition, employment circumstances and more.
The system, called Computer Assisted Passenger Prescreening System (CAPPS) II, is intended to identify airline passengers who warrant closer examination by security personnel. In a report to Congress in May, TSA officials said they hoped to begin installing the system at airports this fall.
Officials at organizations such as the Electronic Privacy Information Center (EPIC) worry that the system will be overly intrusive. In a lawsuit to get more information about the system from TSA, center officials questioned whether the CAPPS II system might conduct unconstitutional searches. But computer industry officials say similar systems are already in use in the private sector for marketing and other forms of "customer resource management."
In another plan built around detailed background checks, TSA is designing a "trusted traveler" program in which air travelers would be thoroughly prescreened and, if approved, would be issued a secure ID card that would allow them to bypass the long lines at airport security checkpoints.
The ID is expected to be a smart card containing one or more biometric identifiers, such as a fingerprint, and other digital information about the holder.
Plans for a similar but more widely used card appear to have stalled: The American Association of Motor Vehicle Administrators' call to create standardized driver's licenses that include biometric identifiers met with both acclaim and enmity when it was issued in January. Legislation supporting the plan has sputtered in the House and was never introduced in the Senate.
Supporters said the ease with which the Sept. 11 hijackers fraudulently obtained driver's licenses in Virginia, Florida and other states clearly illustrates the need for more stringent standards. But opponents of the plan, including EPIC and the American Civil Liberties Union, denounced it as creating a de facto national ID card.
Privacy advocates worry that machine-readable information on the cards would be tucked into databases whenever the cards are shown for identification, whether at an airline ticket counter or a video rental store, creating an extensive and traceable electronic trail.
Although Bush administration officials have repeatedly said that they do not support the idea of a national ID card, the Office of Homeland Security offered to draft model legislation for standardized driver's licenses for states to adopt.
Brookings' O'Hanlon contends that the technologies that seem to threaten privacy can also be used to enhance it. "It is easier to monitor how officials access and use electronic records than to track how they use paper records," he said. And computer systems can be set to limit the access that people such as sales clerks have to personal information, he added.
Mihir Kshirsagar, a policy analyst at EPIC, is not reassured. "It's hard to project how all this will change things," he said. Although he does not predict the rise of a Big Brother police state, he does foresee a time when the quality of your ID documents might make a difference.
"You could start seeing different tiers emerging in society," he said. For example, those with good credit and spotless records might find it easy to obtain private and government services, while those with less-than-perfect dossiers might find themselves excluded.
And there are other perils, Kshirsagar said. "One of the grave dangers is that information can be used maliciously by someone." And what if some of the electronic data is incorrect? Will it be possible to correct errors? Will innocent people become victims of technology? "People may stop trusting so much," and everyday life may take on "the feeling that you're being watched," he said.
Indeed, greater use of information technology probably will "make us think differently about privacy," agreed the Office of Homeland Security's Cooper. But video cameras in convenience stores had the same effect, he pointed out.
Cooper is not dismissive of the concerns expressed by Kshirsagar and other privacy advocates.
"All of us should think about what the government is doing and for what purpose," he said. And as the government moves forward, it must keep the public informed. "It is essential that we have an open dialogue. We must explain how it will foster security and not invade civil liberties."
Like his boss, the president, Cooper says he is confident that technology will provide solutions to homeland security problems. "Over the next four or five years, the impact of technology on security will be significant," he said.
Initially, Americans may be apprehensive. "Because it's new and different, many will view it as intrusive or above and beyond what we should do," he said. "But some will say, 'Gee, it's about time.'"
Ultimately, the public will adjust, Cooper predicted.
***
Refurbishing the infrastructure
The Bush administration's homeland security strategy relies heavily on technology, which is putting pressure on agencies to develop new applications and upgrade their information technology infrastructures. Here are some of the major programs planned or under way at homeland security-related agencies. (Dollars are in millions.)
System ... Fiscal 2002 (budgeted) ... Fiscal 2003 (requested or given by Congress)
INS' ATLAS program — to modernize its core IT infrastructure ... $0 ... $157.5*
INS' Chimera — a data-sharing system to support anti-terrorism initiatives ... $6.7 ... $83.4**
Coast Guard's National Distress and Response System Modernization Project — to update communications and data systems ... $42 ... $91.4*
TSA's IT Managed Services program — to provide core IT infrastructure and services ... $0 ... $201*
INS' entry/exit visa system — for tracking foreigners entering and leaving the United States ... $17 ... $380*
FEMA's IT infrastructure — to upgrade basic information systems ... $55 ... $60*
Customs Service's Automated Commercial Environment — to modernize the import-processing system ... $26 ... $60*
FBI's Trilogy — a program to upgrade the agency's network and improve information sharing ... $330 ... $35.8***
* Source: Office of Management and Budget
** Source: Congressional documents
*** Source: Justice Department