The recent attempt by a Nigerian man, evidently working for the Yemeni branch of Al Qaeda, to set off an underwear bomb (he is being called the Undiebomber) in a flight from Amsterdam to Detroit, has created new concerns about US security. The typical fire-drills after a terrorist threat (increased TSA shakedowns on domestic flights, new restrictions on luggage, removal of shoes, etc.) are similar to the ones that resulted from an attempt by Richard Reid on December 22, 2001 to set off a shoe bomb on an America Airlines flight. Hopefully, future travelers will not have to take off their underwear to get through airport security.
The interesting issue for me involves the continuing failure of information sharing. In response to 9/11, the US federal government has "squandered tens of millions of dollars on faulty technology, like high-tech 'puffer' machines that repeatedly broke down and flunked the most basic tests ... [but also] ... the government has yet to fully deploy a sophisticated method for matching passenger names with terrorist watch lists." The alleged Nigerian terrorist was flying from Lagos, Nigeria through Amsterdam to Detroit without luggage, possibly on a one-way ticket paid for in cash! This information alone should have raised many, many RED FLAGS, but it didn't. The dots still are not being connected.
To address the continuing failure of information sharing, I have a straight-forward solution. It's the same solution I presented to the US Department of Homeland Security (DHS) in 2004 [here, here and here] and is displayed in the graphic above. Create an XML-based indexing system that maintains pointers to sources that have information about objects of interest (e.g., people on terrorism watch lists). It is essentially a publish/subscribe system: agencies can electronically query the system, match objects indexed to objects about which they have information, and return new index records pointing to their holdings. Events would trigger new publish/subscribe transactions electronically. TSA screeners, for example, would scan passenger tickets and the system would be queried electronically. Criteria for secondary screening of passengers would be flexible and could be linked to the national threat level and changed instantly. Security for the underlying information would remain with the agency.
In 2004, DHS didn't seem very interested in my idea. They wanted all potential terrorist information stored in a very flexible XML format fusion center that would support any kind of direct querying. If that's what DHS is still insisting on, it won't happen within the bureaucracy of the US Federal government. Agencies guard their data too carefully and the central repository could not really guarantee the security of the mega-database (the 9/11 Commission Report section 13.3 UNITY OF EFFORT IN INFORMATION SHARING is interesting). In any event, it's not clear to me how the existing systems (TSA's Secure Flight and the National Counterterrorism Center's TIDE, which were based on the Northwest Airlines CAPS program) work together or are linked to, for example, the State Department's VISA database. From the descriptions, they seem too centralized rather than distributed--push the decisions as close as possible to the front lines--and too reliant on human querying.
My system isn't perfect. Agencies have to be willing or at least be compelled to query and publish to the database. The provision that they retain their own information should help with cooperation. Privacy advocates have questioned whether the index itself amounted to a fusion center or whether adequate safeguards were in place to accurately identify people. Since the system would not contain original data, only pointers, it is not a fusion center. Accurate personal identification remains a problem. A REAL ID system with stronger privacy protections than currently proposed could help reduce the identification problem (the current government ID requirement for air travel is weak). Certainly, the passport ID system could be strengthened.
This is not to say that there is a simple technical solution to the information sharing problem. There are plenty of other factors related to the growth of the US economy, the growth of the US airline industry and the growth of the US federal government. I'll talk about these issues in other posts.
No comments:
Post a Comment