IN THE NEWS
As regular readers of Arms and Influence know, I have both a counterterrorism/counterinsurgency background and a current career in the software industry. When I bring both perspectives to bear, I find I have fairly low expectations of US government efforts to make "the homeland" safer through computer technology. I've seen successes and failures in similar projects, so I know the warning signs of bad projects like Total Information Awareness.
Patently ridiculous on its face, Total Information Awareness never had a prayer of leaving the white board. Other projects see life, and unfortunately, some of them have a potential for abuse. CAPPS II is a case in point.
CAPPS II is a "data warehousing" system designed to catch terrorists before they board airliners. If you want to see a decent summary of how it works, click here. While in theory a reasonable response to 9/11, CAPPS II was rushed into production with little thought to its many problems. If you don't believe the American Civil Liberty Union's assessment (including their diagram of how CAPPS works that you see on the right), you might look at this scholarly, detailed, and level-headed analysis by a former foreign service officer.
When national security is at stake, many projects do get a hurried, messy start. However, people later clean them up, or re-think them from scratch. CAPPS II, like many Homeland Security projects, hasn't received that kind of overhaul. In fact, the fears of "mission creep" seem to be coming true:
“I was concerned, to begin with, about Safety Act protection for a CAPPS II-related platform,” Sabo wrote in his letter. “However, I am even more troubled if the department is limiting liability for a much broader system that utilizes personal data obtained from commercial entities. This ‘generic’ system could be used to assess the ‘risk’ of American citizens for any number of reasons that are unrelated to its original aviation passenger screening purpose.”
If only plugging these holes in CAPPS II were the extent of Homeland Security's information technology (IT) problems. Homeland Security is also struggling to integrate the different e-mail servers, financial applications, and other systems it inherited when the Homeland Security act combined previously independent government agencies into one department. That integration project was supposed to be the first IT landmark the new Department reached--and it's still not there. Homeland Security even lacks a credible "disaster recovery" strategy--which means that all the information that CAPPS II and other systems collect might not survive a terrorist attack or other catastrophe.
You can understand, therefore, why the new Chief Information Officer for Homeland Security is under a lot of scrutiny. His Department has had an abysmal record addressing IT problems, and even hired under-qualified people for senior positions. Worst of all, none of the information weapons Homeland Security has deployed have caught a terrorist. Almost four years after the 9/11 attacks, that's an astonishingly bad score card.
What would I do? Admit that CAPPS II needs an overhaul, including its basic assumptions. For every objection cited by the critics, design a credible safeguard. Hold the people implementing the system responsible against measurable, public measures of success. Otherwise, scrap this expensive system that's not demonstrably making Americans safer.
Comments