Chertoff on Continuing Information Sharing Problems

This morning, on CNN, Michael Chertoff (the second director of the US Department of Homeland Security) gave two reasons why the US was unable to identify the Undie Bomber: (1) The European Union (EU) blocked US access to their Visa database and (2) The airlines have been reluctant to upload all their passenger information to the federal government.

If the US, EU and Canadians built a publish/subscribe index system, there would be no need to either access or share databases. Here's how it would work. The Europeans would publish only the identifying information for individuals who, for example, were denied a Visa. They would publish the event when the denial occurred.

This is very different from what Mr. Chertoff wants when he says "We have to have access to these databases." To me this means someone in the National Counterterrorism Center in the US would be logging in to the European Visa database. This is a bad idea, which the EU rightly rejected, for a number of reasons: (1) It's too slow and is based on human intervention which becomes two points of potential failure. (2) It presents a security risk to the EU in that someone has to manage the accounts and the identification methods of those in the US that are allowed access. Legitimate, dormant accounts provide one method hackers can use to access a system.

The idea of asking the airlines to upload their entire passenger database to the federal government is also a bad idea: (1) It's too slow. If it happens over night or even two hours before flight departure, the current data is always a few hours out of date e.g., someone today purchasing a ticket with cash won't be part of the last data load. (2) It's unnecessary. What is the federal government going to do with all the mundane administrative information contained in a reservation system?

The NY Times today published a description of how slow, manual and subject to human failure the current system is and was in the case of the Undie bomber. This is the mentality in the US federal government: give us all the data and we'll have someone sit at a computer and look through it. Information sharing involves humans sending information back and forth to the authorities. Any approach that is not electronically based; that does not focus on indexing in real time objects and events of importance for US security; that does not allow all the participants to publish and subscribe; and that doesn't decentralize decision making, will create more security problems than it solves.